Limited-use keys and cryptograms

ABSTRACT

Techniques for enhancing the security of a communication device when conducting a transaction using the communication device may include encrypting account information with a first encryption key to generate a second encryption key, and encrypting key index information using the second key to generate a limited-use key (LUK). The key index information may include a key index having information pertaining to generation of the LUK. The LUK and the key index can be provided to the communication device to facilitate generation of a transaction cryptogram for a transaction conducted using the communication device, and the transaction can be authorized based on the transaction cryptogram generated from the LUK.

CROSS-REFERENCES TO RELATED APPLICATIONS

This application claims the benefit of priority to U.S. ProvisionalApplication No. 61/918,643, filed on Dec. 19, 2013, U.S. ProvisionalApplication No. 61/941,227, filed on Feb. 18, 2014, U.S. ProvisionalApplication No. 61/982,169, filed on Apr. 21, 2014, and U.S. ProvisionalApplication No. 61/983,635, filed on Apr. 24, 2014, which are all hereinincorporated by reference in their entirety for all purposes.

This application is related to commonly owned U.S. Non-ProvisionalApplication (Atty Dkt. No. 79900-923273) entitled “Cloud-BasedTransactions Methods and Systems,” being filed concurrently on Dec. 19,2014, the contents of which is hereby incorporated by reference in itsentirety for all purposes.

BACKGROUND

Advances in the capabilities of portable communication devices haveallowed portable communication devices such as smart phones to be usedas payment instruments to conduct contactless transactions. For example,a portable communication device can be placed in proximity to an accessdevice such as a point-of-sale (POS) terminal to transfer accountinformation from the portable communication device to the access deviceto conduct a transaction. To provide a secure operating environment tosecurely store account information on a portable communication device, asecure element such as subscriber identity module (SIM) card,specialized integrated chip embedded into the portable communicationdevice, or specialized component provided as aftermarket solution isused. At the time of a transaction, the secure element communicatesdirectly with a contactless interface (e.g., a near-field communication(NFC) transceiver) of the portable communication device to pass paymentdata to a contactless reader of the access device. A secure element isconsidered secure because account information is stored intamper-resistant hardware, which protects the account information frommalware or viruses that may have infected the operating system or anapplication running on the portable communication device.

However, a secure element used in a portable communication device istypically not under the control of a financial institution, but isinstead under the control of a mobile network operator (MNO). As aresult, an issuer and/or payment processor may not have direct access toa secure element to provision it with account credentials and paymentfunctionalities. In order to gain access to a secure element, an issuerand/or payment processor may have to establish commercial agreements andtechnical connectivity with the party controlling the secure element toperform over-the-air (OTA) personalization of the secure element. Thisis both a cumbersome and complex process. Furthermore, incorporating asecure element adds to the manufacturing cost of the portablecommunication device, and increases the cost of the finished portablecommunication device.

Thus, in some cases, it would be desirable to use a portablecommunication device that does not have a secure element to makepayments. Or, if the portable communication device does have a secureelement, it may be desirable not to rely on the use of the secureelement. However, because a secure element is not used, transactionsecurity will be a concern.

Embodiments of the present invention address these and other problemsindividually and collectively. Specifically, embodiments of theinvention address the problem of security concerns with conductingpayment transactions with a mobile communication device that does nothave or does not rely on a secure element.

BRIEF SUMMARY

Embodiments of the present invention provide techniques for enhancingthe security of a communication device (e.g., a portable communicationdevice) when conducting a transaction using the communication device.The techniques described herein can be used with a communication devicethat may or may not have a secure element, because the techniques do notrequire the use of a secure element to safeguard account credentials.Embodiments of the invention instead utilize limited-use accountparameters that may have a limited lifespan, and once expired, may nolonger be used to conduct a transaction until the limited-use accountparameters are replenished from the cloud (e.g., a remote computer).Hence, transactions conducted using the techniques described herein maybe referred to as “cloud-based transactions.”

According to some embodiments, a method for enhancing the security of acommunication device when conducting a transaction using thecommunication device may include receiving, from a remote computer, alimited-use key (LUK) that is associated with a set of one or morelimited-use thresholds that limits usage of the LUK. The method may alsoinclude generating, by the communication device, a transactioncryptogram using the LUK, and sending, by the communication device to anaccess device, a token instead of a real account identifier and thetransaction cryptogram to conduct the transaction. The transaction canbe authorized based on at least whether usage of the LUK has exceededthe set of one or more limited-use thresholds.

According to some embodiments, a communication device may include aprocessor; and a memory coupled to the processor and storing a mobileapplication that performs operations for enhancing security of thecommunication device when conducting transactions using thecommunication device. The operations may include receiving a limited-usekey (LUK) that is associated with a set of one or more limited-usethresholds that limits usage of the LUK, generating a transactioncryptogram using the LUK, and sending a token instead of a real accountidentifier and the transaction cryptogram to conduct the transaction.The transaction may be authorized based on at least whether usage of theLUK has exceeded the set of one or more limited-use thresholds.

According to some embodiments, a method for enhancing the security of acommunication device when conducting a transaction using thecommunication device may include encrypting, by a computer, accountinformation with a first encryption key to generate a second encryptionkey, and encrypting key index information using the second key togenerate a limited-use key (LUK), where the key index informationincludes a key index having information pertaining to generation of theLUK. The method may also include providing the LUK and the key index tothe communication device to facilitate generation of a transactioncryptogram for a transaction conducted using the communication device.The transaction can be authorized based on the LUK and the transactioncryptogram.

According to some embodiments, a computer for enhancing the security ofa communication device when conducting a transaction using thecommunication device may include a processor, and a memory storingcomputer readable code, which when executes by the processor, causes thecomputer to encrypt account information with a first encryption key togenerate a second encryption key, encrypting key index information usingthe second key to generate a limited-use key (LUK), and provide the LUKand the key index to the communication device to facilitate generationof a transaction cryptogram for a transaction conducted using thecommunication device. The key index information may include a key indexhaving information pertaining to generation of the LUK. The transactioncan be authorized based on the LUK and the transaction cryptogram.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates a block diagram of an example of a cloud-basedtransaction system, according to some embodiments.

FIG. 2 illustrates a communication flow diagram of an example of anenrollment and provisioning process, according to some embodiments.

FIG. 3 illustrates a communication flow diagram of an example ofexecuting an integrated chip based transaction, according to someembodiments.

FIG. 4 illustrates a communication flow diagram of an example ofexecuting a magnetic stripe based transaction, according to someembodiments.

FIG. 5 illustrates an example of a transaction verification log,according to some embodiments.

FIG. 6 illustrates a communication flow diagram of an example of apost-payment verification process, according to some embodiments.

FIG. 7 illustrates a communication flow diagram of an example of anaccount parameters replenishment process, according to some embodiments.

FIG. 8 illustrates an example of a process for generating a transactioncryptogram, according to some embodiments.

FIG. 9 illustrates an example of an encryption function, according tosome embodiments.

FIG. 10 illustrates a flow diagram of an example of a method forenhancing the security of a portable communication device, according tosome embodiments.

FIG. 11 illustrates a flow diagram of an example of another method forenhancing the security of a portable communication device, according tosome embodiments.

FIG. 12 illustrates a block diagram of an example of a portablecommunication device, according to some embodiments.

FIG. 13 illustrates a state diagram of an example of a mobileapplication in manual mode, according to some embodiments.

FIG. 14 illustrates a state diagram of an example of a mobileapplication in always-on mode, according to some embodiments.

FIG. 15 illustrates a state diagram of an example of a mobileapplication in always-on mode with on-device verification, according tosome embodiments.

FIG. 16 illustrates a block diagram of an example of a computer system,according to some embodiments.

DETAILED DESCRIPTION

Embodiments of the present invention provide for methods, devices, andsystems for cloud-based transactions that can be performed by acommunication devices with or without a secure element. The techniquesdescribed herein can utilize card emulation technology (e.g., Host CardEmulation (HCE), etc.) to emulate a smartcard on a communication device(e.g., a portable communication device) to allow a mobile applicationrunning on the portable communication device to conduct contactlesstransactions. In the card emulation environment, a mobile applicationcan access the contactless interface (e.g., a near-field communication(NFC) transceiver) of the portable communication device via theoperating system (OS) of the portable communication device withoutinvolving a secure element. As compared to secure elementimplementations, the card emulation approach reduces the technical andcommercial complexities for issuers and/or payment processors, becauseissuers and/or payment processors can provision account credentials andpayment functionalities to a mobile application on a portablecommunication device without having to obtain access to a secure elementthrough a mobile network operator.

By removing the control of payment functionalities and accountcredentials from the confines of a secure element, the tamper-resistanthardware based security provided by a secure element can no longer berelied on to safeguard account information. Without the requirement thata secure element be present, account credentials may be stored in amemory of the portable communication device that is not part of a secureelement, such as the general memory of the portable communicationdevice. As such, the account credentials may be susceptible to access bymalware or viruses that may have infected an application or operatingsystem of the portable communication device.

To enhance the security of a portable communication device whenconducting transactions without utilizing a secure element, instead ofusing stagnant account credentials stored on a portable communicationdevice which may be valid for the lifetime of an account, thecloud-based techniques described herein provision a portablecommunication device with limited-use account parameters that have alimited usage or lifespan. When the limited usage or lifespan of thelimited-use account parameters is exhausted, the same set of limited-useaccount parameters may no longer be used to conduct furthertransactions. In order to conduct further transactions using theportable communication device, new limited-use account parameters arereplenished to the portable communication device. The limited-useaccount parameters provided to the portable communication device can berenewed or replenished from the network (also be referred to as the“cloud”) repeatedly during the lifetime of an account. By managing thedelivery and lifecycle of the limited-use account parameters between aset of network based capabilities and the portable communication device,the compromise of mobile application software and/or account credentialsstored on a portable communication device becomes only a limitedsecurity risk, because stolen limited-use account parameters can at mostbe used for only a small number of transactions or limited monetaryamount.

Prior to discussing the details of some embodiments of the presentinvention, description of some terms may be helpful in understanding thevarious embodiments.

A “communication device” may be a device that includes one or moreelectronic components (e.g., an integrated chip) that can communicatewith another device. A “portable communication device” be acommunication device that can be transported and operated by a user. Aportable communication device may provide remote communicationcapabilities to a network. The portable communication device can beconfigured to transmit and receive data or communications to and fromother devices. A portable communication device may be in the form of amobile device such as a mobile phone (e.g., smart phone, cellular phone,etc.), tablets, portable media player, personal digital assistantdevices (PDAs), wearable computing device (e.g., watch), electronicreader device, etc., or in the form of a card (e.g., smart card) or afob, etc. Examples of portable communication devices may also includeportable computing devices (e.g., laptops, netbooks, ultrabooks, etc.).

A “server computer” may include a powerful computer or cluster ofcomputers. For example, the server computer can be a large mainframe, aminicomputer cluster, or a group of servers functioning as a unit. Inone example, the server computer may be a database server coupled to aWeb server. The server computer may be coupled to a database and mayinclude any hardware, software, other logic, or combination of thepreceding for servicing the requests from one or more client computers.The server computer may comprise one or more computational apparatusesand may use any of a variety of computing structures, arrangements, andcompilations for servicing the requests from one or more clientcomputers.

An “issuer” may typically refer to a business entity (e.g., a bank) thatmaintains an account for a user that is associated with a portablecommunication device such as an account enrolled in a mobile applicationinstalled on a portable communication device. An issuer may also issueaccount parameters associated with the account to a portablecommunication device. An issuer may be associated with a host systemthat performs some or all of the functions of the issuer on behalf ofthe issuer.

A “merchant” may typically be an entity that engages in transactions andcan sell goods or services, or provide access to goods or services.

An “acquirer” may typically be a business entity (e.g., a commercialbank) that has a business relationship with a particular merchant orother entity. Some entities can perform both issuer and acquirerfunctions. Some embodiments may encompass such single entityissuer-acquirers.

An “access device” may be any suitable device for communicating with amerchant computer or payment processing network, and for interactingwith a payment device, a user computer apparatus, and/or a user mobiledevice. An access device may generally be located in any suitablelocation, such as at the location of a merchant. An access device may bein any suitable form. Some examples of access devices include POSdevices, cellular phones, PDAs, personal computers (PCs), tablet PCs,hand-held specialized readers, set-top boxes, electronic cash registers(ECRs), automated teller machines (ATMs), virtual cash registers (VCRs),kiosks, security systems, access systems, Websites, and the like. Anaccess device may use any suitable contact or contactless mode ofoperation to send or receive data from, or associated with, a portablecommunication device. In some embodiments, where an access device maycomprise a POS terminal, any suitable POS terminal may be used and mayinclude a reader, a processor, and a computer-readable medium. A readermay include any suitable contact or contactless mode of operation. Forexample, exemplary card readers can include radio frequency (RF)antennas, optical scanners, bar code readers, or magnetic stripe readersto interact with a portable communication device.

An “authorization request message” may be an electronic message that issent to request authorization for a transaction. The authorizationrequest message can be sent to a payment processing network and/or anissuer of a payment card. An authorization request message according tosome embodiments may comply with ISO 8583, which is a standard forsystems that exchange electronic transaction information associated witha payment made by a user using a payment device or payment account. Theauthorization request message may include information that can be usedto identify an account. An authorization request message may alsocomprise additional data elements such as one or more of a service code,an expiration date, etc. An authorization request message may alsocomprise transaction information, such as any information associatedwith a current transaction, such as the transaction amount, merchantidentifier, merchant location, etc., as well as any other informationthat may be utilized in determining whether to identify and/or authorizea transaction. The authorization request message may also include otherinformation such as information that identifies the access device thatgenerated the authorization request message, information about thelocation of the access device, etc.

An “authorization response message” may be an electronic message replyto an authorization request message. The authorization response messagecan be generated by an issuing financial institution or a paymentprocessing network. The authorization response message may include, byway of example only, one or more of the following status indicators:Approval—transaction was approved; Decline—transaction was not approved;or Call Center—response pending more information, merchant must call thetoll-free authorization phone number. The authorization response messagemay also include an authorization code, which may be a code that acredit card issuing bank returns in response to an authorization requestmessage in an electronic message (either directly or through the paymentprocessing network) to the merchant computer that indicates approval ofthe transaction. The code may serve as proof of authorization. As notedabove, in some embodiments, a payment processing network may generate orforward the authorization response message to the merchant.

The term “authentication” and its derivatives may refer to a process bywhich the credential of an endpoint (including but not limited toapplications, people, devices, processes, and systems) can be verifiedto ensure that the endpoint is who they are declared to be.

The term “verification” and its derivatives may refer to a process thatutilizes information to determine whether an underlying subject is validunder a given set of circumstances. Verification may include anycomparison of information to ensure some data or information is correct,valid, accurate, legitimate, and/or in good standing.

A “token” may include a substitute identifier for some information. Forexample, a payment token may include an identifier for a payment accountthat is a substitute for an account identifier, such as a primaryaccount number (PAN). For instance, a token may include a series ofalphanumeric characters that may be used as a substitute for an originalaccount identifier. For example, a token “4900 0000 0000 0001” may beused in place of a PAN “4147 0900 0000 1234.” In some embodiments, atoken may be “format preserving” and may have a numeric format thatconforms to the account identifiers used in existing payment processingnetworks (e.g., ISO 8583 financial transaction message format). In someembodiments, a token may be used in place of a PAN to initiate,authorize, settle or resolve a payment transaction. The token may alsobe used to represent the original credential in other systems where theoriginal credential would typically be provided. In some embodiments, atoken value may be generated such that the recovery of the original PANor other account identifier from the token value may not becomputationally derived. Further, in some embodiments, the token formatmay be configured to allow the entity receiving the token to identify itas a token and recognize the entity that issued the token.

A “real account identifier” may include an original account identifierassociated with a payment account. For example, a real accountidentifier may be a primary account number (PAN) issued by an issuer fora card account (e.g., credit card, debit card, etc.). For instance, insome embodiments, a real account identifier may include a sixteen digitnumerical value such as “4147 0900 0000 1234.” The first six digits ofthe real account identifier (e.g., “414709”), may represent a realissuer identifier (BIN) that may identify an issuer associated with thereal account identifier.

“Account parameters” may refer to information relating to an accountthat can be used to conduct a transaction on the account. Examples ofaccount parameters may include information that can be used to identifyan account of the user (e.g., real account identifier, alternate accountidentifier, token, etc.), data or information relating to the status ofthe account, one or more keys that are used to generate cryptographicinformation, data or information relating to the one or more keys, etc.An account parameter can be semi-static or dynamic. A dynamic accountparameter may be an account parameter that has a limited lifespan, andwhich once expired, can no longer be used to conduct a transaction untilthe account parameter is replenished, refreshed, or renewed. A dynamicaccount parameter may be replenished frequently during the lifetime ofan account. A semi-static account parameter may be an account parameterthat has an extended lifespan that is longer than a dynamic accountparameter, and can be replenished less frequently than a dynamic accountparameter or not at all during the lifetime of the account.

A “key” may refer to a piece of information that is used in acryptographic algorithm to transform input data into anotherrepresentation. A cryptographic algorithm can be an encryption algorithmthat transforms original data into an alternate representation, or adecryption algorithm that transforms encrypted information back to theoriginal data. Examples of cryptographic algorithms may include tripledata encryption standard (TDES), data encryption standard (DES),advanced encryption standard (AES), etc.

A “cryptogram” may refer to an encrypted representation of someinformation. A cryptogram can be used by a recipient to determine if thegenerator of the cryptogram is in possession of a proper key, forexample, by encrypting the underlying information with a valid key, andcomparing the result to the received cryptogram.

A “limited-use threshold” may refer to a condition that limits the usageof a piece of information. A limited-use threshold may be exceeded orexhausted when the underlying condition is met. For example, alimited-use threshold may include a time-to-live that indicates anamount of time for which a piece of information is valid, and once thatamount of time has elapsed, the limited-use threshold is exceeded orexhausted, and the piece of information may become invalid and may nolonger be used. As another example, a limited-use threshold may includea number of times that a piece of information can be used, and once thepiece of information has been used for that number of times, thelimited-use threshold is exceeded or exhausted, and the piece ofinformation may become invalid and may no longer be used.

Details of some embodiments of the present invention will now bedescribed.

I. Account Parameters

The cloud-based transactions system according to some embodimentsprovides a set of functionalities to manage the deployment and usage ofaccount parameters for transactions conducted using a portablecommunication device. Account parameters (may also be referred to as“account credentials”) are information relating to an account (e.g., afinancial account, bank account, payment account, etc.) associated witha user that can be used to conduct transactions on the user's account.

The account parameters can be provided or provisioned to a portablecommunication device to enable the portable communication device toconduct transactions on the user's account (e.g., by placing theportable communication device in proximity to a contactless reader of anaccess device such as a point-of-sale (POS) terminal).

Account parameters may include a semi-static set of data and a dynamicset of data, and some or all of the account parameters may belimited-use account parameters. The semi-static set of data may includean identifier that can be used to identify an account associated withthe user (e.g., an account identifier such as a primary account number(PAN), an alternate account identifier such as an alternate PAN, or atoken that is a substitute for an account identifier, etc.), an expirydate, and/or other account details or data that does not necessarilychange for an extended period of time, or in some embodiments, for thelifetime of the account. The dynamic set of data may include one or morekeys, information associated with the one or more keys, and/or otherdynamic data that has a limited lifespan, and are repeatedly refreshedor replenished during the lifetime of an account. The dynamic set ofdata can be used for or relates to on-device generation of dynamictransaction cryptograms, or represent dynamic transaction data duringpayment transactions.

The dynamic set of data may be limited-use in the sense that the dynamicset of data can be used for only a limited time or a limited number oftransactions, and may need to be renewed, refreshed, updated, orreplenished when the dynamic set of data has exhausted its limitedusage. For example, the dynamic set of data may include a limited-usekey (LUK) that is used as an encryption key to generate a transactioncryptogram during a transaction. The LUK may be associated with a set ofone or more limited-use thresholds that limits the usage of the LUK,where once the usage of the LUK has exhausted or exceeded the set of oneor more limited-use thresholds, a further transaction conducted usingthat LUK will be declined even if the underlying account is still ingood standing. The set of one or more limited-use thresholds to enforcecan be determined, for example, by an issuer of the account or by acloud-based payments platform that provides the cloud-based transactionservice.

The set of one or more limited-use thresholds may include at least oneof a time-to-live indicating the duration of time for which the LUK isvalid, a predetermined number of transactions for which the LUK isvalid, and/or a cumulative transaction amount indicating the totaltransaction amount summed across one or more transactions for which theLUK is valid, or any combination thereof. For example, a LUK may bevalid for a time-to-live of five days, and a transaction conducted usingthat LUK after five days have elapsed since the LUK was generated may bedeclined. As another example, a LUK may be valid for a predeterminednumber of five transactions, and a sixth transaction (and any subsequenttransaction) conducted using that LUK may be declined. As a furtherexample, a LUK may be valid for a cumulative transaction amount of fivehundred dollars, and a transaction conducted using the LUK after thatLUK has already been used for transactions totaling more than fivehundred dollars may be declined.

It should be understood that the limited usage values described aboveare just examples, and that other usage limits can be used. For example,the number of transactions usage limit can be set to a number in therange of 2 to 10 transactions, or a number in the range of 5 to 50transactions, etc., and the cumulative transaction amount can be set toa value in the range of $100 to $5,000, or a value in the range of $10to $1000, etc.

It should also be noted that in some embodiments, the number oftransactions limited-use threshold can be set to one transaction sucheach LUK is valid for only one transaction. However, in someembodiments, the network bandwidth available to a portable communicationdevice may be limited, or the portable communication device may notalways have uninterrupted network connectivity. As such, the number oftransactions limited-use threshold can be set to more than onetransaction (e.g., five transactions) in some embodiments, for example,to reduce the frequency and amount of LUK replenishments over time, andhence reduce the amount of network traffic used by the portablecommunication device over time.

In some embodiments, the set of one or more limited-use thresholds mayalso include an international usage threshold and a domestic usagethreshold indicating separate limits for international transactionsversus domestic transactions. For example, the number of transactionsthat a LUK may be valid for can be higher for domestic transactions thanfor international transactions, if international transactions are deemedto be more risky. The set of one or more limited-use thresholds may alsoinclude a low value transaction threshold and a high value transactionthreshold indicating separate limits for low value transactions versushigh value transactions. For example, the number of transactions that aLUK may be valid for can be higher for low value transactions (e.g., LUKvalid for ten transactions under $20) than for high value transactions(e.g., LUK valid for five transactions over $20) such that low valuetransactions will trigger replenishment of the LUK less frequently thanhigh value transactions.

In some embodiments, the set of one or more limited-use thresholdsassociated with an account may change when the LUK is replenished suchthat a new LUK replacing a previous LUK may have one or more differentusage limits than the previous LUK. This may occur, for example, basedon changes in the consumer spending habits, the location of the portablecommunication device, or the time of the year, etc. For example, a newLUK may have a higher usage limit if the user has a recent pattern ofconducting many high value transactions, or when it is during theholiday season when transaction activity is expected to increase. Asanother example, a new LUK may have a lower usage limit if the locationof the portable communication device indicates that the user may havetraveled to a high risk country where fraud is prevalent.

In embodiments in which a LUK is associated with more than onelimited-use thresholds, the usage of the LUK can be exhausted when anyone of the limited-use thresholds is exceeded, or when some combinationof the limited-use thresholds is exceeded. Hence, replenishment of theLUK may be triggered when any one of the limited-use thresholds isexceeded or is about to be exceeded, or when some combination of thelimited-use thresholds is exceeded or is about to be exceeded.

In some embodiments, a limited-use threshold associated with a LUK of anaccount may have different usage limits configured in differentcomponents or entities of the cloud-based transaction system. In otherwords, different components or entities may have different usage limitsfor a particular limited-use threshold to trigger replenishment of theLUK. The components or entities that may be configured with differentusage limits may include, for example, the portable communication deviceof the user, the cloud-based service provider, and/or the issuer/hostsystem. According to some embodiments, the usage limit at the portablecommunication device can be set lower than the usage limit atcloud-based service provider, and the usage limit at the cloud-basedservice provider can be set lower than the usage limit at the issuer.For example, a LUK may have a time-to-live limited-use threshold, andthe on-device usage limit to trigger replenishment of the LUK at theportable communication device can be set at 2 days, the service providerusage limit at the cloud-based service provider can be set at 4 days,and the issuer usage limit at the issuer can be set at 5 days. In thisexample, the portable communication device would normally initiatereplenishment of the LUK after 2 days. However, if the portablecommunication device is turned off or has lost network connectivity, thecloud-based service provider can initiate replenishment of the LUK after4 days, or the issuer can initiate the replenishment after 5 days, ifthe LUK has not been renewed prior to that to ensure the LUK does notremain stale.

In some embodiments, the different components or entities of thecloud-based transaction system may be configured with differentlimited-use thresholds that may trigger LUK replenishment. For example,the on-device set of one or more limited-use thresholds configured onthe portable communication device may include a time-to-live and anumber of transactions that will trigger LUK replenishment initiated bythe portable communication device, while the cloud-based serviceprovider and/or the issuer/host system may additionally or alternativelybe configured with a cumulative transaction amount to trigger LUKreplenishment initiated by the cloud-based service provider and/or theissuer/host system. In other words, different components or entities maymonitor different types of conditions or limited-use thresholds totrigger replenishment of the LUK.

In some embodiments, the set of one or more limited-use thresholds maybe account specific (e.g., where different accounts may have differentusage limits), portable communication device specific (e.g., wheredifferent portable communication devices of the user may have differentusage limits even if the underlying account is the same), and/or mobileapplication specific (e.g., where different mobile applications may havedifferent usage limits even if the mobile applications are installed onthe same portable communication device and/or if the underlying accountis the same). In some embodiments, the LUK may also have other userestrictions such as which type of merchant, which particular merchant,or which geographical location where the LUK can be used. The particularrules or risk parameters for triggering the LUK replenishment and/or forsetting the limited-use thresholds can be determined by the issuer orcloud-based transactions provider.

The dynamic set of data may also include a key index that is associatedwith the LUK. The key index may include information pertaining to thegeneration of the LUK. For example, the key index may be used as a seedto generate its corresponding LUK. The key index may include timeinformation (e.g., a timestamp) indicating when the LUK is generated,and/or may include a replenishment counter value indicating the numberof times that the LUK has been renewed or replenished for a particularaccount, mobile application, or portable communication device. In someembodiments, the replenishment counter value may indicate the number oftimes the LUK has been replenished within a predetermined time period,and the replenishment counter value may reset when each predeterminedtime period elapses. This predetermined time period may correspond, forexample, to the smallest unit of time determinable from the timeinformation, although other predetermined time periods can be used. Asan example, if the time information included in the key index indicatesdown to which hour the current LUK is generated, the counter value mayindicate the number of times the LUK has been replenished in the hour.In some embodiments, the LUK may include an application transactioncounter value indicating the number of transactions that has beenpreviously conducted by a mobile application of the portablecommunication device at the time the LUK is generated, or may include apseudo random number generated by a cloud-based transaction serviceprovider or by a suitable entity such as an issuer involved inprocessing the transaction. It should be understood that the key indexmay include one or more pieces of information pertaining to thegeneration of the LUK, and that one or more or all pieces of informationincluded in the key index may be used as a seed to generate the LUK.

In some embodiments, the semi-static set of data may also includelimited-use account parameters that have their own set of limited-usethresholds and/or own set of use restrictions. Although in someembodiments, an account identifier such as a PAN can be used and storedon the portable communication device, a PAN may be valid for thelifetime of an account and may be used for a wide range of differenttypes of transactions (e.g., card present transactions, onlinetransactions, etc.). As such, to further enhance the security of theportable communication device and to reduce the impact if the accountparameters are compromised, in some embodiments, instead of using andstoring a PAN in the portable communication device, an alternate accountidentifier (e.g., an alternate PAN) or a token that is a substitute foran account identifier may be used.

An account may have one or more alternate account identifiers and/ortokens associated with the account. Each alternate account identifier ortoken may be restricted to the type of transactions in which thealternate account identifier or token can be used. For example, anaccount may be associated with a first token that can only be used foronline transactions and a second token that can only be used forcloud-based transactions, and an online transaction conducted using thecloud-based token will be declined. Other types of use restrictions mayinclude restrictions on what type of merchant or which merchant and/orwhich geographical location that the alternate account identifier ortoken can be used.

An alternate account identifier or a token may also have its own set oflimited-use thresholds (e.g., time-to-live, number of transactions,and/or cumulative transaction amount, etc.). In some embodiments, thelimited-use thresholds of an alternate account identifier or a token mayhave higher usage limits than those of the dynamic set of data (e.g.,LUK) such that the replenishment of the alternate account identifier ortoken occurs less frequently. For example, an alternate accountidentifier or a token may have a time-to-live of a year whereas thetime-to-live of a LUK may be five days. As another example, an alternateaccount identifier or a token may be valid for up to two thousandtransactions whereas a LUK may be valid for up to five transactions. Itshould be understood that in some embodiments, the usage limits of thealternate account identifier or token can also be set to be the same asthose of the dynamic set of data (e.g., LUK), such that replenishment ofthe alternate account identifier or token occurs at the same time as thedynamic set of data.

II. Cloud-Based Transaction System Overview

In the cloud-based transaction system, issuers of accounts may configureservice portfolio characteristics to define the risk parameters andhence the limited-use thresholds of account parameters for accountsbelonging to a particular portfolio. The limited-use thresholds can beused to manage the triggers for refreshing or replenishing accountparameters on a provisioned portable communication device. To ensurethat the cloud-based transactions are processed according to the riskparameters specified in the service profile for an account, several corefunctions are implemented in the system to manage the deployment andusage of the account parameters. These functions may includeprovisioning, active account management, verification for payment,transaction processing, lifecycle management, and post-paymentprocessing.

Provisioning may entail taking an enrolled account, creating accountparameters such as an identifier to identify the enrolled account forcloud-based transactions (e.g., an alternate account identifier such asan alternate PAN or token) and an initial dynamic set of data to ensurethe account parameters have only limited use after delivery to theportable communication device, and inheriting the service profile (e.g.,limited-used thresholds) that has been established for the portfoliothat the enrolled account belongs to. Depending on the type oftransactions supported, the dynamic set of data may include a LUK and/orother dynamic data such as a key index. The LUK, for example, can beused by the portable communication device during a transaction tocalculate a transaction cryptogram or limited-use dynamic data such as averification value to support legacy transactions that use verificationvalues (e.g., dynamic card verification value (dCVV)).

After an account is provisioned onto the portable communication device,the relevant service profile details (e.g., limited-use thresholds) canbe shared with the transaction processing software and entities in thesystem to ensure transaction authorization decisions are handledproperly. Additionally, the service profile details (e.g., limited-usethresholds) can be provided to the on-device cloud-based transactionsoftware of the mobile application installed on the portablecommunication device to ensure that the account parameters are managedappropriately on the portable communication device. As discussed above,different usage limits for triggering account parameters replenishmentcan be set at the different entities in the cloud-based transactionsystem, and thus the service profile may define different usage limitsof each limited-use threshold to be set at the different entities thatmay initiate account parameters replenishment (e.g., portablecommunication device, cloud-based service provider, issuer, etc.).

After provisioning, the cloud-based transaction system may performactive account management to initiate the renewal or replenishment ofthe account parameters. The active account management processes can betriggered by transaction processing activity or initiated by the mobileapplication running on the portable communication device. If the serviceprofile parameters for a particular account indicate that the accountparameters on the device should be replaced (e.g., have exhausted theirusage limits), the active account management capability recognizes thisand attempts to connect to the portable communication device toreplenish the account parameters. Additionally or alternatively, if theon-device service profile parameters managed by the mobile applicationindicate that account parameter replenishment is needed or is close tobe being needed, then the mobile application can request accountparameter replenishment.

To provide verification for payments, the cloud-based transaction systemalso has a capability to provide on-device verification functionalitiesto the payment processing network prior to or during a transaction toprovide some level of verification that the transaction was initiatedand intended by a proper user of the portable communication device. Theon-device verification may include cardholder verification methods(CVMs) that can be used as verification for payment for provisionedaccounts. As part of the service profile for a portfolio, specific rulesfor what can be used as CVM (e.g., screen lock, application passcode,etc.) can be established and shared with the provisioning, activeaccount management, and transaction processing capabilities.

After an account is provisioned, the transaction processing capabilityof the system can provide awareness that a transaction being conductedis performed using a cloud-based account. When a cloud-based account isidentified, the transaction processing capability of the cloud-basedtransaction system can ensure that the service profile parameters (e.g.,limited-use thresholds) are verified, applied, and communicated to theissuer in transaction processing messages. This capability also ensuresthat any necessary active account management actions are initiated. Forexample, account identifying information provided during a transactioncan be used to identifying an account as a cloud-based account if theaccount identifying information corresponds to an account identifierrange (e.g., a PAN range) that is dedicated for cloud-basedtransactions, or if the account identifying information corresponds toan alternate PAN or token that is used only for cloud-basedtransactions.

After an account has been provisioned for cloud-based transactions, thelifecycle management functionality may allow the user or the issuer tomanage the lifecycle of the provisioned account. Lifecycle managementevents such as suspension or deletion of an account may beconsumer-initiated. For example, reporting a lost or stolen portablecommunication device and/or an associated card by the consumer maytrigger suspension or deletion of an account from a portablecommunication device, or a user may elect to remove a provisionedaccount from the portable communication device. Lifecycle managementevents can also be issuer-initiated, for example, based on riskmanagement or account reissuance activities. In some embodiments, otherparties that may be involved in the processing of cloud-basedtransactions or managing cloud-based accounts, including merchants ormulti-issuer mobile wallet providers, may also initiate lifecycleactions.

FIG. 1 illustrates a cloud-based transaction system 100, according tosome embodiments. The core components of system 100 may include acloud-based payments platform (CBPP) 180 and a mobile applicationplatform (MAP) 170 to manage cloud-based transactions conducted usingportable communication device 101. CBPP 180 may be referred to as aremote computer, and may be implemented using one or more computingdevices or computers, such as one or more server computers, and can beassociated with or be operated by a cloud-based service provider such asan issuer, payment processor, and/or other suitable entities. CBPP 180may manage cloud-based accounts, provide verification functions forcloud-based transactions, manage lifecycle messages from issuer/hostsystem 172 or MAP 170, as well as initiate lifecycle management events.CBPP 180 may also assist issuer/host system 172 with post paymentfunctionalities to mitigate the risk against counterfeit accountparameters, and limit the exposure on account parameters stored on thedevice. For example, CBPP 180 can be used to facilitate issuer/hostsystem 172 requests for periodic post payment verification of paymenttransactions and/or validation of account parameters replenishmentrequests using post payment information.

CBPP 180 may also implement a set of key management functions thatmanages issuer master derivation keys (MDKs) from which the limited-usekeys (LUKs) for cloud-based transactions are derived. CBPP 180 mayimplement a set of provisioning functions that manages the preparationand delivery of cloud-based account parameters (e.g., alternate accountidentifier or token, initial LUK and associated key index, etc.) to MAP170 for the initial setup of the mobile application 112 on portablecommunication device 110. CBPP 180 may also manage the cloud-basedaccounts for processing by issuer/host system 172, and may performactive account management functions such as functions to generateaccount parameters based on requests or the risk profile of thecloud-based account per CBPP 180 risk management parameters. CBPP 180may also maintain the account status for each cloud-based account, andmanage the replenishment or refreshing of the account parameters.

In some embodiments, CBPP 180 may also implement or be provided withaccess to a token service 182 and/or a token vault 184. Token service182 can be used to generate, process, and maintain tokens, which aresubstitute identifiers for account identifiers. During a transaction,instead of using a real account identifier (e.g., a primary accountnumber (PAN)) to identify the account of the user, a token can be usedinstead to identify the account. By using a token as a substitute for anaccount identifier, the risk of comprising real account information canbe mitigated. As indicated above, a token may have its own set of userestrictions, and token service 182 may manage the deployment and usageof the tokens according to their use restrictions. Token service 182 maybe in communication with token vault 184 where the generated tokens arestored. Specifically, token vault 184 may maintain a mapping between atoken and the real account identifier (e.g., PAN) represented by thetoken. During transaction processing, token vault 184 may be queried toretrieve the real account identifier or PAN associated with the token.

MAP 170 is used to facilitate communications between mobile application112 executing on portable communication device 101 and other entities incloud-based transactions system 100 such as CBPP 180 and/or issuer/hostsystem 172, etc. MAP 170 may communicate with portable communicationdevice 101 via a communications network 192 such as the Internet. Insome environments, portable communication device 101 may not always haveconstant network connectivity, and thus one of the primary roles of MAP170 is to intermediate requests between mobile application 112 and theother entities in the cloud-based transactions system 100 to ensure thatrequests and responses involving mobile application 112 are fulfilled assoon as network connectivity to portable communication device 101 isestablished. MAP 170 may be referred to as a remote computer, and may beimplemented using one or more computing devices or computers such as oneor more server computers, and can be associated with or be operated bythe provider of mobile application 112. The provider of mobileapplication 112 can be, for example, an issuer, a bank, a third-partymobile wallet provider, a merchant, or other suitable entities. In someembodiments, MAP 170 can be associated with or be operated by the sameentity as CBPP 180, or they can be separate. Although MAP 170 isillustrated as a separate logical entity in FIG. 1 because CBPP 180 isnot expected to communicate directly with portable communicationdevices, it should be understood that in some embodiments, some or allof the functionalities of MAP 170 may be integrated as part of CBPP 180.Examples of MAP 170 may include mobile banking platforms and mobilewallet platforms.

In some embodiments, MAP 170 may implement authenticationfunctionalities to authenticate portable communication device 101 whenportable communication device 101 communicates with the other entitiesin cloud-based transaction system 100 via MAP 170. The authenticationfunctionalities may ensure that a portable communication devicecommunicating with the system is an authorized portable communicationdevice and/or a portable communication device that has not been hacked,infected with malware or virus, or otherwise been compromised. Forexample, MAP 170 may perform, request, or facilitate a devicefingerprint of portable communication device 101 to capture the state ofportable communication device 101 when portable communication device 101communicates with MAP 170. The device fingerprint may, for example,capture information about portable communication device 101 such as theoperating system and version, applications installed on portablecommunication device 101, memory usage, whether portable communicationdevice 101 has been jail-broken, device identifiers such as a portablecommunication device identifier, and/or other suitable devicecharacteristics.

MAP 170 may verify the device fingerprint of portable communicationdevice 101 for each communication session established with portablecommunication device 101 or periodically (e.g., once every fivecommunication sessions, once a month, etc.). If the device fingerprintof a portable communication device indicates that the portablecommunication device is not an authorized device for an account (e.g.,the portable communication device requesting replenishment of accountparameters is a different device than the original device that was usedto enroll the account), or if the device fingerprint indicates that theportable communication device may potentially be hacked, MAP 170 mayprevent the portable communication device from communicating with thesystem and alert the issuer that the portable communication device mayhave been compromised.

MAP 170 may perform enrollment functions to enroll a mobile cardholderinto a cloud-based transactions program, and a set of provisioningfunctions that facilitates the preparation and delivery of the accountparameters, configuration, and cloud-based payments device thresholdparameters to mobile application 112. MAP 170 may perform accountparameters replenishment functions to facilitate the account parameterreplenishment process for the cloud-based account provisioned onportable communication device 101, and lifecycle management functionsthat manage lifecycle messages from issuer/host system 172, CBPP 180,and/or mobile application 112. MAP 170 may also perform post-paymentfunctions to mitigate the risk against counterfeit account parameters,and to limit the exposure on account parameters stored on portablecommunication device 101, such as facilitating periodic post paymentverification of payment transactions or the use of post paymentinformation to validate account parameters replenishment requests.

In cloud-based transactions system 100, portable communication device101 can be used to conduct cloud-based transactions facilitated by CBPP180 and/or MAP 170. The components in portable communication device 101may include device hardware 103, a mobile operating system (OS) 114, andan applications environment 110 in which mobile application 112 mayreside. Device hardware 104 may include a contactless interface 108 thatcan interact with a contactless reader 162 of an access device 160.Examples of contactless interface 108 may include one or more radiofrequency (RF) transceivers that can send and receive communicationsusing near-field communications (NFC), or other radio frequency orwireless communication protocols such as Bluetooth, Bluetooth low-energy(BLE), Wi-Fi, iBeacon, etc. In some embodiments, contactless interface108 may include an optical interface (e.g., a display screen) to presentpayment information in the form of an image such as a quick response(QR) code, or bar code, etc. to contactless reader 162 of access device160 when contactless reader 162 includes an optical code scanner orreader.

Applications environment 110 of portable communication device 101 mayhost a mobile application 112 provided by a mobile application provider.For example, if the provider of mobile application 112 is an issuer,mobile application 112 may be a mobile banking application or a separatemobile payment application. If the provider is a mobile wallet providersuch as a mobile network operator or third-party wallet provider thatsupports multiple issuers, mobile application 112 may be a mobile walletapplication. For merchants, mobile application 112 may be a merchant'sown mobile application from which consumers can conduct e-commerce orpoint of sale transactions with that merchant, or may be a mobile walletapplication that supports multiple merchants.

According to some embodiments, mobile application 112 may includeon-device cloud-based transaction software 113 (e.g., can be in the formof a software developer kit (SDK)) integrated into mobile application112 to support cloud-based transaction functionalities. The on-devicecloud-based transaction software 113 may perform functions to facilitatecloud-based transactions such as to take the account parameters (e.g.,LUK and associated key index), generate transaction cryptograms, anddeliver them to mobile operating system 114 for transmission overcontactless interface 108. The on-device cloud-based transactionsoftware 113 may also manage the initial service profile parameters(e.g., limited-use thresholds) that are provided after an account hasbeen provisioned to ensure that requests for account parameterreplenishment and other account parameter management activities areinitiated.

Mobile application 112 may perform functions to manage the risk profileof the cloud-based account, maintain the account status, and replenishaccount parameters for each cloud-based account based on the on-devicethreshold management parameters. Mobile application 112 may also managelifecycle messages from issuer/host system 172 or lifecycle messagesfrom MAP 170. Mobile application 112 may perform a set of functions toenroll a mobile cardholder into a cloud-based transactions program, anda set of functions that manages the receiving and configuration of thecloud-based account parameters and cloud-based payments device thresholdparameters received from MAP 170. Mobile application 122 may alsoprovide consumer device cardholder verification method (CDCVM) functionsfor cloud-based transactions, and perform a set of functions thatprocesses and responds to messages in support of post-payment processingto limit the exposure of account parameters stored on the portablecommunication device. For example, post-payment processing may includeperiodic post-payment verification of payment transactions or usingpost-payment information to validate account parameters replenishmentrequests.

In secure element based implementations, a contactless application(e.g., a mobile wallet or payment application for contactlesstransactions) using a contactless interface to communicate with acontactless reader of an access device would have to be coded for and beexecuted on a secure element in order to gain access to the contactlessinterface. In some embodiments, portable communication device 101 mayinclude a mobile operating system (OS) 114 that implements a set of cardemulation application programming interfaces (APIs) 116 such as hostcard emulation (HCE) APIs to allow mobile application 112 to gain accessto contactless interface 108 without requiring the use of a secureelement. For example, card emulation APIs 116 may be coded for and beexecuted from mobile OS 114 of portable communication device 101, andmay include programming function calls to allow mobile application 112to receive, process, and respond to transaction communications such asApplication Protocol Data Unit (ADPU) commands sent from contactlessreader 162. In this manner, portable communication device 101 is able toconduct contactless transactions without requiring access to a secureelement on portable communication device 101.

Once portable communication device 101 and mobile application 112 havebeen provisioned with the account parameters, portable communicationdevice 110 can conduct cloud-based transactions by interacting withcontactless reader 162 of access device 160 (e.g., at a merchantpoint-of-sale (POS) location). Contactless reader 162 may include one ormore RF transceivers that can send and receive communications using NFCor other radio frequency or wireless communication protocols such asBluetooth, BLE, Wi-Fi, iBeacon, etc. In some embodiments, contactlessreader 162 may include an optical code scanner or reader to conducttransactions using QR codes, bar codes, etc. Access device 160 may alsoinclude a POS acceptance device 164 and/or electronic cash register 166.

To conduct a cloud-based transaction, a user of portable communicationdevice 101 may place portable communication device 101 in proximity tocontactless reader 162 of access device 160, or display an image such asa QR code or bar code on a screen of portable communication device 101for scanning by contactless reader 162 of access device 160. Portablecommunication device 101 may provide access device 160 with anidentifier (e.g., an account identifier such as a PAN, an alternateaccount identifier such as an alternate PAN, or a token, etc.) toidentify the account of the user and additional information such as thelimited-use account parameters or information derived from thelimited-use account parameters (e.g., transaction cryptograms generatedfrom an LUK). For example, in some embodiments, an account identifier ortoken, and additional information (e.g., a transaction cryptogram,account parameters, etc.) can be transmitted to access device 160 inAPDU responses that are responsive to a series of APDU commands receivedfrom access device 160. In some embodiments, an account identifier ortoken, and the additional information can be encoded in a QR code or barcode that is scanned and processed by access device 160 to retrieve theencoded information. Access device 160 or a merchant computer coupled toaccess device 160 may then generate an authorization request messageincluding the account identifier or token, and additional informationsuch as a transaction cryptogram and other transaction data, and forwardthe authorization request message to acquirer 174 associated with themerchant. The authorization request message can then be sent by acquirer174 to payment processing network 194.

Payment processing network 194 may include data processing subsystems,networks, and operations used to support and deliver authorizationservices, exception file services, transaction scoring services, andclearing and settlement services. An exemplary payment processingnetwork may include VisaNet™. Payment processing networks such asVisaNet™ are able to process credit card transactions, debit cardtransactions, and other types of commercial transactions. VisaNet™, inparticular, may include a VIP system (Visa Integrated Payments system)which processes authorization requests and a Base II system whichperforms clearing and settlement services.

Upon receiving the authorization request message, payment processingnetwork 194 may forward the authorization request message received fromacquirer 174 to the corresponding issuer/host system 172 of the accountof the user of portable communication device 101. After issuer/hostsystem 172 receives the authorization request message, the authorizationrequest message may be parsed, and the information in the authorizationrequest message may be verified. For example, issuer/host system 172 mayverify that the transaction cryptogram was generated by a valid LUK, andthat the set of one or more limited-use thresholds associated with theLUK has not been exceeded. In some embodiments, some or all of theinformation in the authorization request message can also be sent toCBPP 180 for verification and processing. For example, if issuer/hostsystem 172 does not have the capability to verify the transactioncryptogram, the payment processing network 194 or issuer/host system 172may forward the transaction cryptogram to CBPP 180 for verification.

An authorization response message is then sent back to paymentprocessing network 194 to indicate whether the current transaction isauthorized (or not authorized). Payment processing network 194 thenforwards the authorization response message back to acquirer 174. Insome embodiments, payment processing network 194 may decline thetransaction even if issuer/host system 172 has authorized thetransaction, for example, depending on a value of a fraud risk score ordepending if limited-use account parameters are verified by CBPP 180.Acquirer 174 then sends the authorization response message to themerchant computer and/or access device 160. The authorization responseresults, which may include transaction data for the transaction can bedisplayed by access device 160, or be printed out on a physical receipt.

At the end of the day, a clearing and settlement process can beconducted by payment processing network 194. A clearing process is aprocess of exchanging financial details between an acquirer and anissuer to facilitate posting to a user's payment account andreconciliation of the user's settlement position. It should beunderstood that any of the acquirer 174, payment processing network 194,issuer/host system 172, CBPP 180, and/or MAP 170 may be referred to as aremote computer, and may include one or more computing devices such asone or more computers or server computers to enable the entity tocommunicate with the other entities in system 100, and/or to perform oneor more of the functions described herein.

III. Enrollment and Provisioning

FIG. 2 illustrates a communication flow diagram of an example enrollmentand provisioning process, according to some embodiments. The enrollmentand provisioning process can be initiated from portable communicationdevice 201 installed with a mobile application programmed withcloud-based transaction capabilities. The mobile application may bepre-installed on portable communication device 201 during manufacturingor by a retailer, or by a user downloading the mobile application froman application store or from an issuer or cloud-based transactionservice provider and installing the mobile application on portablecommunication device 201. The user may launch the mobile application andinitiate an enrollment request 222 from the mobile application to add anaccount to the cloud-based transaction service. Enrollment request 222is sent from portable communication device 201 to MAP 270, and mayinclude information that can be used to identify the user and theaccount of the user, as well as device information about portablecommunication device 201.

According to some embodiments, to facilitate communications withportable communication device 201, MAP 270 (or issuer/host system 272,or CBPP 280) may generate a device identifier from the deviceinformation or assign a device identifier to portable communicationdevice 201 during the enrollment and provisioning process. The deviceidentifier is provided to the mobile application on portablecommunication device 201, and can be used by the mobile application toidentify portable communication device 201 to the other entities in thecloud-based transaction system in subsequent interactions with thesystem.

When MAP 270 receives enrollment request 222, MAP 270 may process therequest, capture the device information about portable communicationdevice 201, and route enrollment request 224 with the relevantinformation to issuer/host system 272. Issuer/host system 272 mayperform identification and verification (ID&V) of the user and theuser's account, and send a provisioning request 226 to CBPP 280.Provisioning request 226 may include account identifying informationsuch as a PAN to identify the user's account. In embodiments in which analternate account identifier or a token is used, CBPP 280 or issuer/hostsystem 272 may generate an alternate account identifier, or invoke atoken service to generate a token that is used as a substitute for anaccount identifier. Upon receiving provisioning request 226, CBPP 280may use a master derivation key (MDK) associated with issuer/host system272 to generate the initial set of account parameters (e.g., LUK) forprovisioning to portable communication device 201. In some embodiments,issuer/host system 272 may provide CBPP 180 with the MDK if the MDK ismaintained or managed by issuer/host system 272, or issuer/host systemmay generate the LUK and provide CBPP 180 with the generated LUK. Ineither case, whether the LUK is generated by CBPP 180 or by issuer/hostsystem 272, the LUK can be generated based on a key index that acts as aseed for the generation of the LUK, and the key index can be sharedbetween CBPP 180 and issuer/host system 272 to facilitate processing oftransactions using the LUK.

CBPP 280 then packages provisioning data 228, which may include analternate account identifier or a token, an initial set of accountparameters such as a LUK and key index, and other information relevantfor executing and/or processing of a transaction (e.g., set of one ormore limited-use thresholds associated with the LUK), and sendsprovisioning data 228 to MAP 270. MAP 270 can then forward theinformation as provisioning data 330 to portable communication device201. The mobile application then stores the account parameters andrelevant information on portable communication device 201 to enableportable communication device 201 to be used for conducting contactlesstransactions on the user's account.

In should be noted that in some embodiments, the different entities inthe system (e.g., portable communication device 201, CBPP 280, andissuer/host system 272) can be provided with different usage limits forthe set of one or more limited-use thresholds during the enrollment andprovisioning process, and the respective entities can trigger subsequentaccount parameters replenishment at different usage limits.

Once provisioning data 330 has been successfully provisioned ontoportable communication device 201, portable communication device 201 maysend an acknowledgement or confirmation 332 to MAP 270. MAP 270 may alsosend a confirmation 334 to CBPP 280, which in turn forwards confirmation336 to issuer/host system 272 to complete the enrollment andprovisioning process.

It should be understood that the enrollment and provisioning processdescribed above is just an example, and that the messaging sequence insome embodiments may have different variations. In some embodiments, theroles of CBPP 280 and issuer/host system 272 can be interchanged. Forexample, CBPP 280 may receive enrollment request 324 from MAP 270 andsend provisioning request 326 to issuer/host system 372. As anotherexample, MAP 270 may send confirmation 334 to issuer/host system 272,and issuer/host system may send confirmation 336 to CBPP 280.

IV. Transaction Execution

Once a portable communication device has been provisioned with theappropriate account parameters, the portable communication device can beused to execute a contactless transaction, for example, by placingportable communication device in proximity to a contactless reader of anaccess device. Depending on the capabilities of the access device, acontactless transaction conducted using the techniques described hereincan be processed as if the transaction is being performed with anintegrated chip card (referred to as “integrated chip basedtransaction”), or as if the transaction is being performed with amagnetic stripe card (referred to as “magnetic stripe basedtransaction”). In some embodiments, the contactless transaction timesusing the card emulation techniques described herein may be similar tothose of secure element based implementations. For example, according tosome embodiments, a contactless transaction using card emulation maytake less than 500 milliseconds to complete.

In some embodiments, execution of a contactless transaction using aportable communication device can be carried out by providing orexchanging messages (e.g., Application Protocol Data Unit (APDU)messages) between a mobile application running on the portablecommunication device and a contactless reader of an access device over acontactless medium such as radio frequency waves. The messages can be inthe form of APDU commands sent from the contactless reader to theportable communication device, and APDU responses sent from the mobileapplication to the contactless reader in response to the APDU commands.To provide additional security, the mobile application may be configuredto only respond to APDU commands received from the contactless interfaceor contactless controller of the portable communication device. In otherwords, the mobile application can be configured to ignore or reject APDUcommands received from other applications or components, and/or ADPUcommands that the mobile application does not recognize. In someembodiments, if the mobile application receives an unrecognized APDUcommand from the contactless interface or contactless controller of theportable communication device, the mobile application can respond to thecommand with a default status word.

In some embodiments, when the mobile application interacts with anexternal entity (e.g., MAP, CBPP or issuer/host system via the MAP, or acontactless reader of an access device) for which the mobile applicationmay change its state or its stored information, the mobile applicationprocesses the interaction in an atomic manner. In other words, themobile application may process either all of the functions required bythe interaction or none of them. In this manner, the mobile applicationmay keep a recognized state as seen from external entities.

During installation of the mobile application, the mobile applicationmay register its proximity payment system environment (PPSE) name aswell as all Application Identifiers (AIDs) covered by the mobileapplication to ensure that transactions using those AIDs are routed tothe mobile application (e.g., this can be achieved through a declarationin the manifest of the mobile application to the mobile operatingsystem). For example, in some embodiments, the mobile application can beregistered to receive APDU commands for one or more AIDs of a PPSE witha name such as “2PAY.SYS.DDF01.”

In some embodiments, the mobile application can be registered to receiveand process APDU commands for multiple AIDs (e.g., AIDs defined for aparticular issuer, payment processor or processing network, serviceprovider, etc.), and in some scenarios, the multiple AIDs can beassociated with a single account. A single account may have multipleAIDs associated with it, for example, if a transaction conducted on thataccount can be processed by different payment processing networks and/orif the account can have different services, features, product-types, andpayment capabilities associated with the account. For example, a singleaccount may have a common debit AID and a payment processing networkspecific AID (e.g., a Visa AID) associated with the single account. Asanother example, a single account may support different paymentproducts, and each payment product can have its own AID. The multipleAIDs can be communicated to the access device to allow an access deviceto select a preferred AID to choose how the transaction is processed(e.g., which payment processing network) and/or what services orfeatures to associate with or provide for the transaction. The multipleAIDs can be populated in the directory entry for the PPSE, andcommunicated to an access device for this purpose.

The mobile application on the portable communication device may receive,store, and/or support generation of information related to the accountto enable the mobile application to respond with the necessaryinformation to a contactless reader as well as provide cardholders withinformation about the account via the portable communication device'suser interface. Some or all of this information can be provided to themobile application during the enrollment and provisioning process. Theaccount related information may include card art or other visuals thatidentifies the account to the consumer, account identifying informationthat can identify the account to the user (e.g. nickname or last 4digits of the account), the state of the account (e.g. active, suspendedetc.), account configuration information, transaction flow parameters(e.g., information that is provided to a contactless reader during atransaction), the current set of account parameters (e.g., LUK and keyindex) and its associated set of one or more limited-use thresholds andcorresponding usage limits, and a transaction verification log, etc. Theaccount configuration information may include the AID(s) of the account,which consumer verification method(s) (CVM(s)) (e.g., online PIN,consumer device CVM, signature, etc.) are supported by the account (orby the respective AID if multiple AIDs are present) and their priority,whether the account supports magnetic stripe based transactions, and aderivation key index (DKI) associated with the issuer master key usedduring verification of the transaction cryptograms. For mobileapplications supporting multiple accounts for the same or differentaccount AIDs, the mobile application may also support the concept ofwhich account is currently the active account and be able to populateresponses to the contactless reader with the data according to thecurrently active account.

The mobile application may also implement one or more counters to trackthe transaction activity of the mobile application. For example, themobile application may implement a sequence counter (SC) to count howmany times the mobile application has successfully requested new accountparameters for a specific account. The mobile application may alsoimplement an application transaction counter (ATC) to count how manytimes the mobile application has been used to initiate a transaction.

During a transaction, the mobile application may receive, store, and/ordynamically build information such as transaction flow parametersrelated to the contactless transaction in order to return the necessaryinformation to the contactless reader for the transaction to besuccessfully executed. Some of the transaction flow parameters may bereceived, stored, and/or built before the contactless transaction isinitiated, while some transaction flow parameters (e.g., transactioncryptogram) can be dynamically built at the time of transaction. Formobile applications supporting multiple AIDs, different transaction flowparameters can be stored and/or generated per AID. Example details ofthe transaction flow parameters (e.g., including the transactionprocessing information and/or account data referred to below), andexample details of the communication exchanges between the mobileapplication and the contactless reader will be described with referenceto FIG. 3 for an integrated chip based transaction, and with referenceto FIG. 4 for a magnetic stripe based transaction.

Integrated Chip Based Transaction

FIG. 3 illustrates an example communication flow between a portablecommunication device 301 and an access device 360 during an integratedchip based transaction, according to some embodiments. In someembodiments, the communications can be in the form of ADPU commands andresponses. However, it should be understood that other messages,messaging protocols, or formats can be used to exchange the relevantinformation to conduct the transaction. The communications can becarried out between a mobile application running on portablecommunication device 301 and a contactless reader of access device 360.In some embodiments, the mobile application may communicate with thecontactless reader using card emulation APIs of the mobile operatingsystem of portable communication device 301, and thus the transactioncan be carried out without requiring the use of a secure element(although a secure element can be used).

When access device 360 detects the presence of portable communicationdevice 301 in proximity to a contactless reader of access device 360,access device 360 may initiate a transaction by sending an availableapplications request 302 to portable communication device 301 to requestinformation on which payment application(s) (e.g., a list of AID(s)) maybe available on the mobile application of portable communication device301. In some embodiments, the available application(s) request 302 maybe in the form of a select PPSE command. The available applicationsrequest 302 may include a payment environment identifier (e.g., a PPSEname such as “2PAY.SYS.DDF01”) to identify the payment environmentsupported by access device 360 and the mobile application.

Upon receiving the available applications request 302, the mobileapplication of portable communication device 301 may identify andprocess the request by recognizing the payment environment identifier(e.g., PPSE name) included in the request, and respond by sending anavailable applications response 304 back to access device 360. Theavailable applications response 304 may include a list of availableAIDs, and may include the payment environment identifier (e.g., PPSEname) as the dedicated file name. In some embodiments, the availableapplications response 304 may be in the form of a select PPSE responseand may include PPSE file control information (FCI). For example, theavailable applications response 304 may include a directory entry foreach available AID. If the mobile application supports only one AID(irrespective of the number of accounts related to that AID), the mobileapplication may respond with a single directory entry for the supportedAID. If the mobile application supports an account with multiple AIDs,the mobile application may respond with a directory entry for each ofthe supported AIDs. Each directory entry may include information such asthe AID, an application label associated with the AID (e.g., a mnemonicassociated with the AID), an application priority indicator indicatingthe priority of the AID, a kernel identifier indicating theapplication's kernel preference, and/or additional information relatingto the particular AID. The available application(s) response 304 mayalso include other data such as FCI issuer discretionary data.

When access device 360 receives the available applications response 304,access device 304 may select a suitable application from the list ofapplications received in the available applications response 304 (e.g.,by selecting an AID from the available AID(s) received in the availableapplication(s) response 304). In some embodiments, the selected AID canbe the highest priority AID available on the mobile application that issupported by access device 360. Access device 360 may send anapplication selection 306 with the selected AID to the mobileapplication of portable communication device 301 to continue thetransaction. In some embodiments, the application selection 306 can bein the form of a select AID command.

Upon receiving the application selection 306, the mobile application ofportable communication device 301 may send a terminal transaction datarequest 308 to request transaction data from access device 360 which maybe needed to execute the transaction using the selected application/AID.In some embodiments, the terminal transaction data request 308 may be inthe form of a select AID response and may include AID file controlinformation (FCI) with the selected AID as the dedicated file name. Theterminal transaction data request 308 may include a list of transactiondata identifiers to request the appropriate data from access device 360,and the list of transaction data identifiers can be in the form of aprocessing options data object list (PDOL). The transaction datarequested by the mobile application for the transaction may includeterminal transaction qualifiers (TTQ), authorized amount, other amount,terminal country code, terminal verification results, transactioncurrency code, transaction data, transaction type, and/or anunpredictable number. The terminal transaction data request 308 may alsoinclude other data such as FCI issuer discretionary data, applicationprogram identifier, and language preference.

After receiving the terminal transaction data request 308, access device360 may send, to the mobile application of portable communication device301, the terminal transaction data 310 requested by the mobileapplication. In some embodiments, the terminal transaction data 310 maybe sent in the form of a get processing options (GPO) command, and mayinclude the requested terminal transaction data in a processing optionsdata object list (PDOL). In some embodiments, the terminal transactiondata 310 (e.g., terminal transaction qualifiers (TTQ)) may include atransaction type indicator indicating whether access device 360 supportsintegrated chip based transactions or magnetic stripe basedtransactions. Thus, in the integrated chip based transaction illustratedin FIG. 3, access device 360 may send a transaction type indicator inthe terminal transaction data 310 to indicate that access device 360supports integrated chip based transactions. In some embodiments, theterminal transaction data 310 (e.g., terminal transaction qualifiers(TTQ)) may also include a consumer verification method (CVM) requirementindicator to indicate whether a CVM is required by access device 360 forthe transaction, and also one or more CVM type indicators indicating thetypes of CVM supported by access device 360. Examples of CVMs that maybe supported by access device 360 can include online PIN, signature,and/or consumer device CVM (CDCVM) such as a passcode used on portablecommunication device 301 to unlock the screen or mobile application.

Once the mobile application of portable communication device 301receives terminal transaction data 310, the mobile application mayincrement its Application Transaction Counter (ATC), generate dynamictransaction processing information using at least some of the receivedterminal transaction data 310, and send a set of transaction processinginformation 312 including the generated dynamic transaction processinginformation to access device 360. In some embodiments, the transactionprocessing information 312 can be sent in the form of a GPO response. Insome embodiments, the transaction processing information 312 may includeone or more application file locators (AFLs) that can be used as fileaddress(es) by access device 360 to read account data stored on portablecommunication device 301, and an application interchange profile (AIP)that can be used to indicate the capabilities of the mobile application.

For an integrated chip based transaction, the transaction processinginformation 312 may include a transaction cryptogram dynamicallygenerated using the LUK, track-2 equivalent data, and addition data suchas issuer application data (IAD), form factor indicator (FFI), cardtransaction qualifiers (CTQ), cryptogram information data (CID), theupdated ATC, and/or an application PAN sequence number (PSN). In someembodiments, the issuer application data (IAD) may include a lengthindicator indicating the length of the IAD, cryptogram version number(CVN) indicating the version of the transaction cryptogram, a derivedkey indicator (DKI) that can be used to identify a master key (e.g. amaster key associated with the issuer used in generation of the LUK),card verification results (CVR), a wallet provider ID, and/or derivationdata such as the key index that was used in the generation of the LUK.

The card verification results (CVR) may include information about theCVM verifying entity and the CVM verified type for the transaction. TheCVM verifying entity is used to indicate which entity is performing theverification of the CVM for the transaction. The verification entity maybe the access device (or terminal), a co-residing secure application, atrusted execution environment application, the mobile applicationitself, a remote server or computer (e.g., the cloud), or the mobileoperating system. The CVM verified type is used to indicated the CVMmethod used for the transaction. The CVM method may be a passcode,biometric (e.g., fingerprint), pattern lock (e.g., for a screen lock),signature, or online PIN. In some embodiments, if the terminaltransaction data 310 received from access device 360 indicates that theCVM supported by access device 360 is an online PIN or a signature, theCVM verifying entity in the CVR can be set to the access device (orterminal) to indicate that access device 360 is the verifying entity,and the CVM verified type can be set accordingly (e.g., online PIN orsignature).

If the terminal transaction data 310 received from access device 360indicates that the CVM supported by access device 360 is a CDCVM, theCVM verifying entity and the CVM verified type can be set according tothe configuration parameters of the account. For example, if the accountsupports CVM using a passcode that is verified by the mobile operatingsystem of portable communication device 301, the CVM verifying entitycan be set to the mobile operating system, and the CVM verified type canbe set to indicate that the CVM is a passcode. In some embodiments, aCDCVM performed indicator can be included in the card transactionqualifiers (CTQ) to indicate whether the CVM verifying entity hassuccessfully verified the user using the CDCVM indicated by the CVMverified type.

If the terminal transaction data 310 received from access device 360indicates that a CVM is not required, the CVM verifying entity and theCVM verified type can be set to indicate that no CVM was verified. Insome embodiments, the CVR may include additional data such as athreshold indicator that indicates whether one or more limited-usethresholds associated with the LUK has been exceeded.

The form factor indicator (FFI) may include information about portablecommunication device 301, such as a form factor indicator version numberindicating the version of the form factor indicator being used, aconsumer payment device form factor indicator indicating the device typeof portable communication device 301, and consumer payment devicefeatures indicators indicating what payment features are supported byportable communication device 301. The consumer payment device formfactor may indicate that portable communication device 301 is a standardcard (e.g., ID-1 card type as specified in ISO 7811), a mini-card, anon-card form factor (e.g., key fob, watch, wristband, ring, sticker,etc.), or a mobile phone. The consumer payment device featuresindicators may indicate whether portable communication device 301 iscapable of using a passcode (can be separate from a PIN that is usedduring transactions), has a signature panel, has a hologram, has supportfor card verification values (e.g., CW2), capable of two-way messagingto exchange identifying information between the issuer and the user,and/or has support for using cloud-based credentials (e.g., LUK, token,etc.). The form factor indicator (FFI) may also include a paymenttransaction technology indicator indicating that portable communicationdevice 301 supports contactless transactions (e.g., NFC).

It should be understood that in some embodiments, the transactionprocessing information 312 being sent from portable communication device301 to access device 360 may include some or all of the informationdescribe above, and in some embodiments, may include additionalinformation not specifically described.

After access device 360 receives the transaction processing information312, access device 360 may send an account data request 314 to themobile application of portable communication device 301 to readadditional account data that may be stored on portable communicationdevice 301. In some embodiments, the account data request 314 may be inthe form of a read record command, and may include an application filelocator (AFL) indicating the location of the account data that accessdevice 360 is attempting to read. The AFL included in the account datarequest 314 may correspond to an AFL in the transaction processinginformation 312 that was provided to access device 360 from portablecommunication device 301.

After access device 360 receives the transaction processing information312, access device 360 may send an account data request 314 to themobile application of portable communication device 301 to readadditional account data that may be stored on portable communicationdevice 301. In some embodiments, the account data request 314 may be inthe form of a read record command, and may include an application filelocator (AFL) indicating the address or location of the account datathat access device 360 is attempting to read. The AFL included in theaccount data request 314 may correspond to an AFL in the transactionprocessing information 312 provided from portable communication device301.

In response to receiving the account data request 314 from access device360, portable communication device 301 may send the account data 316stored at the location indicated by the AFL to access device 360. Insome embodiments, the account data 316 may be sent in the form of a readrecord response. The account data 316 may include, for example,application usage control that indicates the issuer's restrictions onthe usage and services allowed for the application, the cardholder'sname, customer exclusive data, issuer country code, token requester ID(e.g., if a token is used), and/or other account related data that isaccessible at the AFL location.

It should be understood that in some embodiments, the account data 316being sent from portable communication device 301 to access device 360may include some or all of the information describe above, and in someembodiments, may include additional information not specificallydescribed.

In some embodiments, there can be more than one pair of account datarequest 314 and account data 316 communication exchange between accessdevice 360 and portable communication device 301, for example, ifadditional account related data stored is needed by access device 360 tocomplete the transaction. Once access device 360 has received therequisite data from the transaction processing information 312 and/orone or more account data 316 transmissions, some or all of the dataelements in the transaction processing information 312 and/or one ormore account data 316 transmissions can be used by access device 360 togenerate a transaction authorization request message to requestauthorization of the transaction from the issuer. For example, in someembodiments, the transaction authorization request message may includeat least the track-2 equivalent data and the transaction cryptogramgenerated with the LUK, and the transaction can be authorized based onat least verifying that the transaction cryptogram was generatedcorrectly and that the LUK used in generation of the transactioncryptogram has not exhausted the LUK's set of one or more limited usethresholds.

Magnetic Stripe Based Transaction

FIG. 4 illustrates an example communication flow between a portablecommunication device 401 and an access device 460 during a magneticstripe based transaction, according to some embodiments. In someembodiments, the communications can be in the form of ADPU commands andresponses. However, it should be understood that other messages,messaging protocols, or formats can be used to exchange the relevantinformation to conduct the transaction. The communications can becarried out between a mobile application running on portablecommunication device 401 and a contactless reader of access device 460.In some embodiments, the mobile application may communicate with thecontactless reader using card emulation APIs of the mobile operatingsystem of portable communication device 401, and thus the transactioncan be carried out without requiring the use of a secure element(although a secure element can be used).

For a magnetic stripe based transaction, the available applicationsrequest 402, the available application response 404, the applicationselection 406, and the terminal transaction data request 408communications and the relevant data elements included in thecommunications are similar to that of an integrated chip card basedtransaction as described above with reference to FIG. 3, and thus adetailed description of which need not be repeated.

In response to receiving the terminal transaction data request 408 fromthe mobile application of portable communication device 401, accessdevice 460 may send the requested terminal transaction data 410 toportable communication device 401. The terminal transaction data 410provided to portable communication device 401 in a magnetic stripe basedtransaction is similar to that of the integrated chip card basedtransaction as described above with reference to FIG. 3, with theexception that the transaction type indicator provided in the terminaltransaction data 410 (e.g., terminal transaction qualifiers (TTQ)) mayindicate that access device 360 supports magnetic stripe basedtransactions.

Once the mobile application of portable communication device 401receives terminal transaction data 410 and determines that access device460 supports magnetic stripe based transactions, the mobile applicationmay increment its Application Transaction Counter (ATC), and send a setof transaction processing information 412 to access device 360. In someembodiments, the transaction processing information 412 can be sent inthe form of a GPO response. In some embodiments, the transactionprocessing information 412 may include one or more application filelocators (AFLs) that can be used as file address(es) by access device460 to read account data stored on portable communication device 401,and an application interchange profile (AIP) that can be used toindicate the capabilities of the mobile application. In someembodiments, the one or more AFLs provided to access device 460 during amagnetic stripe based transaction can be different than the AFL(s)provided during an integrated chip based transaction such that themobile application maintains different locations to store separate setsof data for use in magnetic stripe based transactions versus integratedchip based transactions. The mobile application may also generatedynamic transaction processing information that may or may not use atleast some of the received terminal transaction data 410, and store thegenerated information at a location accessible by the one or moreapplication file locators (AFLs). The dynamic transaction processinginformation may include, for example, a transaction cryptogram generatedby using the LUK.

After access device 460 receives the transaction processing information412, access device 460 may send an account data request 414 to themobile application of portable communication device 401 to read accountdata that may be stored on portable communication device 301. In someembodiments, the account data request 414 may be in the form of a readrecord command, and may include an application file locator (AFL)indicating the location of the account data that access device 460 isattempting to read. The AFL included in the account data request 414 maycorrespond to an AFL in the transaction processing information 412 thatwas provided to access device 460 from portable communication device401.

In response to receiving the account data request 414 from access device460, portable communication device 401 may send the account data 416stored at the location indicated by the AFL to access device 460. Insome embodiments, the account data 416 may be sent in the form of a readrecord response. The account data 416 may include, for example, track-2equivalent data and the cardholder name, etc. In some embodiments, for amagnetic stripe based transaction, the transaction cryptogram generatedby using the LUK and/or the key index associated with the LUK can beembedded in the track-2 equivalent data.

It should be understood that in some embodiments, the account data 416being sent from portable communication device 401 to access device 460may include some or all of the information describe above, and in someembodiments, may include additional information not specificallydescribed.

In some embodiments, there can be more than one pair of account datarequest 414 and account data 416 communication exchange between accessdevice 460 and portable communication device 401, for example, ifadditional account related data stored is needed by access device 460 tocomplete the transaction. Once access device 460 has received therequisite data from the transaction processing information 412 and/orone or more account data 416 transmissions, some or all of the dataelements in the transaction processing information 412 and/or one ormore account data 416 transmissions can be used by access device 460 togenerate a transaction authorization request message to requestauthorization of the transaction from the issuer. For example, in someembodiments, the transaction authorization request message may includeat least the track-2 equivalent data and the transaction cryptogramgenerated with the LUK, and the transaction can be authorized based onat least verifying that the transaction cryptogram was generatedcorrectly and that the LUK used in generation of the transactioncryptogram has not exhausted the LUK's set of one or more limited usethresholds.

Track-2 Equivalent Data

According to some embodiments, depending on the type of transactionbeing execute (e.g., integrated chip based transaction or magneticstripe based transaction), different data elements can be included inthe track-2 equivalent data provided from the mobile application of theportable communication device to the access device. Table 1 shows anexample of a track-2 equivalent data format with an embedded transactioncryptogram that can be used in either a magnetic stripe basedtransaction or an integrated chip based transaction.

TABLE 1 Track-2 equivalent data with embedded transaction cryptogramData Element Account Identifier (e.g., PAN, alternate PAN, token) FieldSeparator = ‘D’ Expiry Date Service Code Key Index TransactionCryptogram Padding ‘F’

The key index is associated with the LUK that was used in the generationof the transaction cryptogram for the particular transaction, and mayinclude information pertaining to the generation of the LUK as describedherein. For example, the key index may be a seed that was used togenerate the LUK, and may include time information (e.g., a timestamp)indicating when the LUK was generated, and/or may include areplenishment counter value indicating the number of times that the LUKhas been renewed or replenished for a particular account, mobileapplication, or portable communication device. In some embodiments, thekey index may include an application transaction counter valueindicating the number of transactions that has been previously conductedby a mobile application of the portable communication device at the timethe LUK is generated, or may include a pseudo random number generated bya cloud-based transaction service provider or by a suitable entity suchas an issuer involved in processing the transaction.

The transaction cryptogram embedded in the track-2 equivalent data maybe a cryptogram generated by using the LUK as an encryption key. In someembodiments, the transaction cryptogram that is embedded in the track-2equivalent data may be different than the transaction cryptogram that isprovided in the transaction processing information 312 (e.g., GPOresponse). For example, the transaction cryptogram embedded in thetrack-2 equivalent data (may be referred to as a “decimalizedtransaction cryptogram”) may have a reduced-length (e.g., reduced to sixdigits), and/or may be generated by encrypting a static data (e.g., apredetermined numeric string) instead of terminal transaction data.

In some embodiments in which the transaction is conducted using anoptical contactless interface, an optical image such as a QR code or abar code can be generated to encode the track-2 equivalent data formatshown in Table 1, and the optical image encoding the track-2 equivalentdata can be displayed on a portable communication device, and bepresented to an optical scanner or reader of an access device to conductthe transaction.

Table 2 shows an example of a track-2 equivalent data format without anembedded transaction cryptogram that can be used in an integrated chipbased transaction.

TABLE 2 Track-2 equivalent data without embedded transaction cryptogramData Element Account Identifier (e.g., PAN, alternate PAN, token) FieldSeparator = ‘D’ Expiry Date Service Code PIN Verification Field Track 2Discretionary Data Padding ‘F’

For an integrated chip based transaction, a transaction cryptogram isalready provided to the access device in the transaction processinginformation 312 (e.g., GPO response), and thus it may be unnecessary toinclude a transaction cryptogram in the track-2 equivalent data for anintegrated chip based transaction. Hence, the track-2 equivalent dataformat shown in Table 2 can be used for an integrated chip basedtransaction, although the track-2 equivalent data format shown in Table1 may also be used.

In some embodiments, the key index associated with the LUK can beembedded in the track-2 discretionary data in the track-2 equivalentdata format shown in Table 2. The key index, for example, may includetime information and/or a replenishment counter value, an applicationtransaction counter value, or a pseudo random number, or any of theexamples described herein. In some embodiments, the key index may act asa seed for generating the transaction cryptogram. By including the seedin the track-2 discretionary data that is passed to the issuer, theissuer can verify the seed, and in some embodiments, regenerate thetransaction cryptogram using the seed to verify the transactioncryptogram.

It should be understood that the track-2 equivalent data formatsdescribe above are examples, and that in some embodiments, the track-2equivalent data may omit some of the data elements, and/or may includeadditional data elements not specifically shown.

V. Transaction Verification Log

According to some embodiments, the mobile application may update atransaction verification log maintained by the mobile application at theend of a transaction to include information about the transaction in thetransaction verification log. The mobile application may recognize theend of a transaction by recognizing that all transaction processinginformation and/or account data that may be needed by the access deviceto complete the transaction has been provided to the access device(e.g., recognizing that the last record defined in the AFL has beenreturned successfully or if no AFL, when the GPO response has beenreturned successfully).

FIG. 5 illustrates examples of data elements that can be include in atransaction verification log, according to some embodiments. The mobileapplication may maintain a transaction verification log per LUK or perset of account parameters. In some embodiments, the portablecommunication device may maintain a number of transaction verificationlogs for several LUKs or sets of account parameters, or optionally, oncethe current LUK or account parameters have been renewed or replenished,the transaction verification log corresponding to the previous LUK oraccount parameters can be deleted to save memory space on the portablecommunication device.

The transaction verification log may be associated with and/or mayinclude the key index corresponding to the LUK or set of accountparameters used in the logged transactions, and a sequence counter valueassociated with the key index or set of account parameters indicatingthe number of times the LUK or set of account parameters have beenreplenished. For each transaction conducted using the particular LUK orparticular set of account parameters, the transaction verification logmay include a transaction timestamp indicating the time of thecorresponding transaction, an unpredictable number (UN) provided fromthe access device during the transaction (if available), an applicationtransaction counter (ATC) value associated with the correspondingtransaction (e.g., a value indicating the number of transactions thathas been conducted using the mobile application at the time of thetransaction), and a transaction type indicator indicating whether thecorresponding transaction was conducted as an integrated chip basedtransaction or a magnetic stripe based transaction. The transactiontimestamp may be the UTC time as determined by the portablecommunication device at the time of the transaction. In someembodiments, additional information such as the location of the portablecommunication device at the time of the corresponding transaction can beincluded in the transaction verification log. It should be understoodthat in some embodiments, the transaction verification log may includefewer data elements, and/or may include other data elements notspecifically shown.

The transaction verification log can be used for various purposes suchas post payment verification and account parameters replenishment. FIG.6 illustrates a communication flow diagram of an example of apost-payment verification process, according to some embodiments. Thepost-payment verification process can be initiated by an issuer/hostsystem 672 when issuer/host system 672 decides to check the account, forexample, when a transaction flagged as being suspicious or potentiallyfraudulent is received, or when issuer/host system 672 checks theaccount randomly or periodically as a fraud-prevention measure.

Issuer/host system 672 may initiate the post-payment verificationprocess by sending, to CBPP 680, a transaction log request 622 torequest the transaction verification log associated with an account. Thetransaction log request 622 may include information such as an accountidentifier that can be used by CBPP 680 to identify the account. CBPP680 may identify the account in question and the mobile application thatthe account is registered to, and forward this information astransaction log request 624 to MAP 670. MAP 670 may identify andauthenticate the portable communication device associated with theaccount and mobile application, and send transaction log request 626 tothe identified mobile application of portable communication device 601.

Upon receiving the transaction log request 626, the mobile applicationof portable communication device 601 may retrieve the transactionverification log from the memory of the portable communication device,and package the data into transaction log information 628 fortransmission to issuer/host system 672. The transaction log information628 is derived from the transaction verification log stored on theportable communication device, and may include some or all of theinformation contained in the transaction verification log such as theper transaction details for each transaction such as the transactiontimestamp, application transaction counter value, transaction typeindicator, unpredictable number if available, and/or any combinationthereof; the key index associated with the LUK or account parametersused for the transactions; the sequence counter associated with the LUKor account parameters; and/or any combination thereof. Alternatively oradditionally, the transaction log information derived from thetransaction verification log may include an authentication code (e.g., amessage authentication code, hash value, etc.) computed over some or allof the information in the transaction verification log. For example, theauthentication code may be computed over the per transaction details, orover the key index and/or sequence counter together with the pertransaction details. In some embodiments, the authentication code can begenerated by using the LUK as an encryption key.

After deriving the relevant transaction log information 628 from thetransaction verification log, the mobile application on portablecommunication device 601 sends the transaction log information 628 toMAP 670. MAP 670 forwards the information as transaction log information630 to CBPP 680, and CBPP 680 forwards the information as transactionlog information 632 to issuer/host system 672. In some embodiments, CBPP680 may perform verification of the received transaction loginformation, for example, if CBPP 680 tracks the transaction activity ofthe account, and may additionally or alternatively provide theverification result in the transaction log information 632 transmittedto issuer/host system 672.

When issuer/host system 672 receives the transaction log information632, issuer/host system 672 may compare the information against thesuspicious transaction, and/or compare the information against thetransaction activity for the current LUK or set of account parameters.If the transaction log information 632 indicates the suspicioustransaction was conducted by the mobile application of portablecommunication device 601 and/or the transaction log information 632matches the transaction activity, issuer/host system 672 completes thepost-payment verification process and maintains the account in activestatus.

If the transaction log information 632 indicates the suspicioustransaction did not originate from the mobile application of portablecommunication device 601 or if the transaction log information 632 doesnot match the transaction activity at the issuer, issuer/host system 672may suspend the account, and send a suspend notification to CBPP 680.CBPP 680 may suspend the account in its own system and forward thesuspend notification to MAP 670. MAP 670 then forwards the suspendnotification to the mobile application of portable communication device601. In response to receiving the suspend notification, the mobileapplication may delete the current set of account parameters from themobile application and display a message to request the user to contactthe issuer.

VI. Account Parameters Replenishment

When a set of account parameters (e.g., LUK) expires due to the age ofthe account parameters or usage of the account parameters exhausting theassociated set of one or more limited-use thresholds, a subsequenttransaction conducted using the expired set of account parameters may bedeclined. In order to be able to continue to conduct transactions usingthe mobile application of the portable communication device, the mobileapplication may need to update, renew, refresh, or replenishment the setof account parameters available to the mobile application. In someembodiments, the transaction verification log may also be used duringthe account parameter replenishment process to verify that the mobileapplication or portable communicate device requesting new accountparameters is the same application or device that had previouslyreceived and used the prior set of account parameters.

To facilitate the account parameters replenishment process, the mobileapplication of the portable communication device may track the usage ofthe set of account parameters (e.g., LUK), and maintain an accountparameters status that indicate whether one or more limited-usethresholds associated with the account parameters or LUK has beenexhausted or is about to be exhausted. For example, the mobileapplication may track how many transactions have been conducted usingthe set of account parameters or LUK, how much time has elapsed sincethe set of account parameters or LUK was generated, and/or thecumulative transaction amount over all transactions that were conductedusing the set of account parameters or LUK. At the end of eachtransaction, the mobile application may update the usage of the set ofaccount parameters or LUK being tracked by the mobile application, andcompare the usage against the on-device set of one or more limited-usethresholds. In some embodiments, if the mobile application determinesthat the usage of the current set of account parameters or LUK hasexhausted the on-device set of one or more limited-use thresholds orused beyond the usage limit, the mobile application may initiate anaccount parameters replenishment request. In some embodiments, themobile application may initiate an account parameters replenishmentrequest if the mobile application determines that the next transactionconducted using the current set of account parameters or LUK willexhaust the set of one or more limited-use thresholds. This can be done,for example, to help ensure that a valid set of account parameters orLUK is constantly available to the mobile application such that the nexttransaction conducted with the mobile application does not get declined.

FIG. 7 illustrates a communication flow diagram of an example of anaccount parameters replenishment process, according to some embodiments.In the example shown in FIG. 7, the account parameters replenishmentprocess is initiated by the mobile application of portable communicationdevice 701, and may be referred to as a replenishment pull process. Whenthe mobile application determines that the set of one or morelimited-use thresholds associated with the current set of accountparameters have been exhausted or is about to be exhausted, the mobileapplication of portable communication device 701 may send an accountparameters replenishment request 722 to MAP 770 to replenish the set ofaccount parameters or LUK available to the mobile application.

The account parameters replenishment request 722 may include informationidentify the relevant account, mobile application, and/or portablecommunication device 701, and may include transaction log informationderived from the transaction verification log stored on the portablecommunication device. The transaction log information provided in theaccount parameters replenishment request 722 may include some or all ofthe information contained in the transaction verification log such asthe per transaction details for each transaction conducted using thecurrent set of account parameters or LUK (e.g., transaction timestamp,application transaction counter value, transaction type indicator,unpredictable number if available, and/or any combination thereof). Thetransaction log information may include the key index associated withthe current set of account parameters or LUK, and/or the sequencecounter associated with the current set of account parameters or LUK.Alternatively or additionally, the transaction log information derivedfrom the transaction verification log and provided in the accountparameters replenishment request 722 may include an authentication code(e.g., a message authentication code, hash value, etc.) computed oversome or all of the information in the transaction verification log. Forexample, the authentication code may be computed over the pertransaction details, or over the key index and/or sequence countertogether with the per transaction details. In some embodiments, theauthentication code can be generated by using the LUK as an encryptionkey.

When MAP 770 received the account parameters replenishment request 722,MAP 770 forwards the request as account parameters replenishment request724 to CBPP 780. Upon receiving the account parameters replenishmentrequest 724, CBPP 780 may verify the transaction log information orrequest issuer/host system 772 to verify the transaction loginformation. If the transaction log information matches the transactionactivity at CBPP 780 or issuer/host system 772, CBPP 780 may thengenerate a new set of account parameters (e.g., new key index and newLUK) to replenish the current set of account parameters at the mobileapplication. CBPP 780 may send a replenishment notification 726 toissuer/host system 772 to notify the issuer that a new set of accountparameters is being replenished to the mobile application. In someembodiments, the replenishment notification 726 may include the new setof account parameters (e.g., new key index and new LUK) such thatissuer/host system 772 may perform its own update. Issuer/host system772 may respond by sending an acknowledgment 728 to CBPP 780.

After the new set of account parameters are generated, CBPP 780 may sendthe new set of account parameters 730 to MAP 770. The new set of accountparameters 730 may include a new key index, a new LUK, etc., and in someembodiments, may also include a new set of one or more limited-usethresholds associated with the account parameters or LUK that may havedifferent usage limits than the previous thresholds. MAP 770 thenforwards the data as the new set of account parameters 732 to the mobileapplication of portable communication device 701.

When the mobile application of portable communication device 701receives the new set of account parameters (e.g., new LUK and new keyindex associated with the LUK), the mobile application delete theprevious set of account parameters and associated transactionverification log details and usage tracking, and store the new set ofaccount parameters. If the new set of account parameters has differentusage limits for the set of one or more limited-use thresholds, the oneor more limited-use thresholds can be updated with the new usage limits.The mobile application also increments the sequence counter for eachsuccessful account parameters replenishment. Once the mobile applicationhas updated the set of account parameters, the mobile application ofportable communication device 701 may send a confirmation 734 to MAP780, and MAP 780 may forward this as confirmation 736 to CBPP 770 toconfirm that the account parameters replenishment process wassuccessful.

In some embodiments, if issuer/host system 772 is responsible foraccount parameters generation, instead of sending the replenishmentnotification 726 to issuer/host system 772, CBPP 780 may forward accountparameters replenishment request 724 to issuer/host system 772, and haveissuer/host system 772 generate the new set of account parameters.(e.g., new key index and new LUK) In such embodiments, issuer/hostsystem 772 may provide the new set of account parameters to CBPP 780and/or to MAP 770 for forwarding to the mobile application on portablecommunication device 701.

According to some embodiments, the account parameters replenishmentprocess can be initiated by CBPP 770 and/or issuer/host system 772. Anaccount parameters replenishment process that is not initiated by themobile application may be referred to as a replenishment push process.For example, the account parameters replenishment process can betriggered by transaction activity monitored by CBPP 770 and/orissuer/host system 772. In some embodiments, CBPP 770 and/or issuer/hostsystem 772 may maintain their own set of one or more limited-usethresholds, which may or may not have the same usage limits as theon-device limited-use thresholds maintained at the mobile application.CBPP 770 and/or issuer/host system 772 may track the usage of thecurrent set of account parameters (e.g., LUK).

When CBPP 770 determines that the set of one or more limited-usethresholds at the CBPP 770 associated with the current set of accountparameters have been exhausted or is about to be exhausted, CBPP 770 maysend a push message to MAP 780 to request the mobile application toreplenish its current set of account parameters. When issuer/host system772 determines that the issuer set of one or more limited-use thresholdsassociated with the current set of account parameters have beenexhausted or is about to be exhausted, issuer/host system 772 may send apush message to CBPP 770 and/or MAP 780 to request the mobileapplication to replenish its current set of account parameters.

Upon receiving a push message to replenish the set of account parametersfrom CBPP 770 or issuer/host system 772, MAP 780 may forward the pushmessage to the mobile application of portable communication device 701.In some scenarios, portable communication device 701 may be powered offor the mobile application may not be active at portable communicationdevice 701 at the time CBPP 770 and/or issuer/host system 772 initiatesthe replenishment process. In such scenarios, MAP 780 may queue the pushmessage for deliver to the mobile application at a later time, and mayperiodically attempt to reach the mobile application until MAP 780establishes communication with the mobile application. When the mobileapplication receives the push message requesting the mobile applicationof portable communication device 701 to replenish the account parameters(e.g., LUK and associated key index), in response, the mobileapplication of portable communication device 701 may send an accountparameters replenishment request with the relevant transaction loginformation to MAP 780. The replenishment process may continue in asimilar manner as the replenishment push process described above withreference to FIG. 7. In some embodiments, CBPP 770 and/or issuer/hostsystem 772 may generate the new set of account parameters and providethem to MAP 780 together with the push message such that MAP 780 mayprovide the new set of account parameters to the mobile application whencommunication with the mobile application is established.

Although the above description of the account parameters replenishmentprocess may have been described with reference to replenishing the LUKand the key index associated with the LUK, it should be understood thatthe account parameters replenishment process can be used, for example,to replenish other account parameters or related information such as toreplenish a token that is used as a substitute for an accountidentifier. In some embodiments, a token can be replenished at the sametime as the LUK and key index, or separately from the LUK and key index.

VII. Cryptograms for Transactions

According to some embodiments, because no secure element is required tobe present to protect account credentials stored on the potablecommunication device, the account parameters for conducting cloud-basedtransactions may have a limited lifespan such that even if a given setof account parameters is compromised, the stolen account parameterswould be of little use as they may have expired or will expire shortly.For example, instead of using a static key stored in a secure element togenerate cryptograms during transactions as in some secure elementimplementations, the cloud-based transaction system uses limited-usekeys in the generation of transaction cryptograms.

In some embodiments, two types of transaction cryptogram may be used—onefor track-2 data used in magnetic stripe based transactions, and one forintegrated chip based transactions. For both types of transactioncryptogram, the transaction cryptogram is generated using a limited usekey (LUK). The difference between the two types of transactioncryptograms is the input data used for generating the cryptogram and/orthe final format of the transaction cryptogram that is transmitted tothe access device to conduct the transaction. For an integrated chipbased transaction, the input data used to generate the cryptogram mayinclude dynamic data (e.g., data that changes for each transaction)received from the contactless reader of an access device during thetransaction (e.g., terminal transaction data), while the input data fora magnetic stripe based transaction may be static data (e.g., data thatdoes not change from one transaction to another such as a predeterminednumeric string). This means that in some embodiments, for a magneticstripe based transaction, either the CBPP or the mobile applicationitself can generate the transaction cryptogram as the generation of thetransaction cryptogram does not rely on data from the contactless readof an access device; and for an integrated chip based transaction, themobile application provides generation of the transaction cryptogram.

It should also be noted that in some embodiments, the input forgenerating the transaction cryptogram in a magnetic stripe basedtransaction can alternatively or additionally include dynamic datareceived from the contactless reader of an access device during thetransaction (e.g., terminal transaction data). Furthermore, the inputfor generating the transaction cryptogram in an integrated chip basedtransaction can alternatively or additionally include static data.

In addition to being used in transaction cryptogram generation, in someembodiments, the LUK can be used to generate an authentication code whenthe mobile application communicates with the other components orentities of the cloud-based transaction system. For example, anauthentication code or hash code can be generated over the transactionverification log details using the LUK as a key during the accountparameters replenishment process.

FIG. 8 illustrates a block diagram of an example of a process 800 forgenerating a transaction cryptogram, according to some embodiments. Anyone of the encryption functions 806, 812, 818, and/or 824 can be thesame or be different than any of the other encryption functions. Forexample, any one of the encryption functions 806, 812, 818, and/or 824may be implemented as triple data encryption standard (TDES), dataencryption standard (DES), advanced encryption standard (AES), or othersuitable encryption algorithms.

Process 800 can be divided into two parts—the first part relates to theLUK generation (blocks 802 to 814), and the second part relates to thetransaction cryptogram generation (blocks 816-828). The first partrelating to the LUK generation can be performed once to generate a LUK(e.g., by CBPP or issuer/host system), and the second part relating tothe transaction cryptogram generation can be performed multiple timesusing the LUK generated from the first part (e.g., by the mobileapplication) until the LUK has exceeded its set of one or morelimited-use thresholds, at which time, the first part relating to theLUK generation can be performed again to replenish, renew, or refreshthe LUK.

Process 800 may begin by encrypting account information 804 with a firstencryption key 802 using an encryption function 806 to generate a secondencryption key 808. The first encryption key 802 may be a base key thatis associated with the issuer of the user's account, and the base keymay be associated with a group of accounts. For example, the firstencryption key 802 may be associated with a group of accounts within aBIN or PAN range designated for the cloud-based transaction service. Insome embodiments, the first encryption key 802 may be a masterderivation key (MDK) associated with the issuer of the accountassociated with the account information 804, and the first encryptionkey 802 can be maintained at the CBPP or at the issuer/host system.

The account information 804 may include account identifying informationsuch as an account identifier (e.g., a PAN), an alternate accountidentifier (e.g., an alternate PAN), or a token that is a substitute foran account identifier, and may additionally include user identifyinginformation such as a sequence number (e.g., a PAN sequence number(PSN)) that identifies the particular user of the account (e.g., whenmultiple users use the same account). For example, the accountinformation 804 that is used as the input to encryption function 806 canbe a concatenation of the account identifying information and the useridentifying information, or an inverted version of the concatenation.

In some embodiments, the second encryption key 808 being generated fromthe account information 804 may include multiple portions that are eachgenerated from different variations of the account information 804. Forexample, the second encryption key 808 may be divided into two portions.The first portion of the second encryption key 808 may be generated byencrypting the account information 804 using the first encryption key802. The second portion of the second encryption key 808 may begenerated by inverting the account information 804 and encrypting theinverted account information using the first encryption key 802. Theencryption function 806 used to generate the second encryption key 808may be, for example, triple data encryption standard (TDES) or othersuitable encryption algorithms, and may use an initial chaining vectorof binary zeros. In some embodiments, the second encryption key 808generated from the account information 804 may correspond to a uniquederivation key (UDK) for the account.

Process 800 may continue by encrypting key index information 810 withthe second encryption key 808 using an encryption function 812 togenerate the limited-use key (LUK) 814. The key index information 810may be derived from a key index that includes information pertaining tothe generation of the LUK 814, and that may be used as a seed togenerate LUK 814. For example, the key index may include timeinformation indicating when the LUK 814 is being generated. In someembodiments, the time information can be represented as the numericstring ‘YHHHH’, where ‘Y’ (0-9) represents the least significant digitof the current year, and ‘HHHH’ (0001-8784) represents the number ofhours since the start of January 1^(st) of the current year expressed asdigits (e.g., first hour of January 1^(st)=0001). In some embodiments,the key index may also include a replenishment counter value indicatingthe number of times that the LUK 814 has been renewed or replenished ina predetermined time period (e.g., number of times LUK 814 has beengenerated in each hour). For example, the replenishment counter valuecan be represented as the numeric string ‘CC’ (00-99). At the beginningof each hour, ‘CC’ starts at 00 and is incremented by 1 each time LUK814 is generated. In some embodiments, the key index may include anapplications transaction counter value, or a pseudo random numbergenerated by the CBPP or the issuer.

According to some embodiments, the key index information 810 that isprovided as input to the encryption function 812 may be generated bypadding the key index with one or more numeric values. For example, thekey index can be padded with a numeric value (e.g., 1 or 2 shown as ‘m’or ‘n’ in FIG. 8) at the beginning of the key index and/or a numericvalue (e.g., 80000000 shown as ‘xxxxxxxx’ in FIG. 8) at the end of thekey index. In some embodiments, the LUK 814 being generated from the keyindex information 810 may include multiple portions that are eachgenerated from different variations of the key index information 810.For example, the LUK 814 may be divided into two portions. The firstportion of LUK 814 may be generated by padding the key index with afirst value to generate a first padded key index (e.g.,1YHHHHCC80000000), and encrypting the first padded key index using thesecond encryption key 808. The second portion of LUK 814 may begenerated by padding the key index with a second value to generate asecond padded key index (e.g., 2YHHHHCC80000000), and encrypting thesecond padded key index using the second encryption key 808. Theencryption function 812 used to generate the LUK 814 may be, forexample, TDES or other suitable encryption algorithms, and may use aninitial chaining vector of binary zeros. It should be understood thatthe numeric values described herein are just examples, and that in someembodiments, other numeric values can be used.

After the LUK 814 is generated (e.g., by the CBPP or the issuer), theLUK 814 and the key index that includes information pertaining to thegeneration of LUK 814 may be provided to a portable communication deviceto facilitate generation of transaction cryptograms for transactionsconducted using the portable communication device. The LUK may beassociated with a set of one or more limited-use thresholds that limitthe number of transactions that can be conducted using the LUK 814, suchas those described herein. During execution of a transaction, thetransaction cryptogram and/or the key index can be provided from theportable communication device to an access device, and the transactionmay be authorized based on verification of the transaction cryptogramand whether the LUK 814 used to generate the transaction cryptogram hasexceeded one or more of the LUK's limited-use thresholds.

As discussed above, in some embodiments, two types of transactioncryptograms can be generated. For a magnetic stripe based transaction,the transaction cryptogram 828 may be a reduced-length transactioncryptogram (may also be referred to as a decimalized transactioncryptogram). Transaction cryptogram 828 may be generated by encryptingstatic data 822 (e.g., can be a predetermined numeric string such as‘0000000000000001’) using the LUK 814 as an encryption key in encryptionfunction 824 to form an encrypted static data or encrypted numericstring represented in hexadecimals (0-F). The encryption function 824may be, for example, TDES or other suitable encryption algorithms, andmay use an initial chaining vector of binary zeros. The encrypted staticdata (or encrypted numeric string) may then be decimalized by usingdecimalize function 826 to generate the transaction cryptogram 828.

In some embodiments, the transaction cryptogram 828 may be divided intotwo data blocks. The decimalize function 826 used to generate the twodata blocks of the transaction cryptogram 828 may include extractingnumeric digits (0-9) from the encrypted static data or encrypted numericstring to form the first data block; and for the second data block,extracting hexadecimal digits (A-F) from the encrypted static data orencrypted numeric string, and converting each extracted hexadecimaldigit into a numeric digit by subtracting ten from the correspondinghexadecimal digit to form the second data block. The first data block isthen concatenated with the second data block to form the transactioncryptogram 828. In some embodiments, the decimalized transactioncryptogram 828 may have six digits, and may be embedded with the keyindex (e.g., ‘YHHHHCC’) in the track-2 equivalent data provide in atransaction authorization request message to request authorization for atransaction from the issuer.

For an integrated chip based transaction, the transaction cryptogram 820may be generated by encrypting dynamic transaction data 816 using theLUK 814 as an encryption key in encryption function 818. The dynamictransaction data 816 may include, for example, some or all of theterminal transaction data 310 provided from the access device to themobile application of the portable communication device during executionof the transaction. In some embodiments, the dynamic transaction data816 may include the following data elements: authorized amount, otheramount, terminal country code, terminal verification results,transaction currency code, transaction date, transaction type, andunpredictable number; and/or may include the application interchangeprofile (AIP), application transaction counter (ATC), and issuerapplication data (IAD). In some embodiments, some data elements may beomitted, and/or additional data elements not specifically described canbe included. The data set that makes up the dynamic transaction data 816is provided as input to the encryption function 818. In someembodiments, the transaction cryptogram 820 can be generated byenciphering the dynamic transaction data 816 using a first portion ofthe LUK 814, deciphering the enciphered dynamic transaction data using asecond portion of the LUK 814, and then re-enciphering the deciphereddynamic transaction data using the first portion of the LUK 814.

It should be noted that according to some embodiments, in addition tothe transaction cryptogram 820, the decimalized transaction cryptogram828 can also be used and generated in an integrated chip basedtransaction, and the decimalized transaction cryptogram 828 can beinserted into the track-2 equivalent data.

FIG. 9 illustrates a block diagram of an example of encryption function900, according to some embodiments. In some embodiments, encryptionfunction 900 can be used as encryption function 818. For example, thedata set that makes up the dynamic transaction data 816 may beconcatenated together (e.g., in the order described above), and thendivided into a set of data blocks D₁ to D_(N) of equal length (e.g.,8-byte data blocks). If the dynamic transaction data 816 does not divideequally into the length of the data blocks, the missing leastsignificant bits in the last data block D_(N) can be zero filled. Thefirst key KA may correspond to a first portion of the LUK 814 (e.g.,most significant 8 bytes), and the second key KB may correspond to asecond portion of the LUK 814 (e.g., least significant 8 bytes) Aniterative enciphering process may be applied to the set of data blocksD₁ to D_(N). The iterative enciphering process may include encrypting afirst data block D₁ using key KA as the encryption key in a dataencryption algorithm (DEA(e)). The result of the encryption is thenexclusive-ORed with the next data block D₂. The result of theexclusive-OR operation is then used as the input for the next iterationof the enciphering process. The enciphering process continues until alldata blocks D₁ to D_(N) has been processed, and the output I_(N) of thelast exclusive-OR operation with the last data block D_(N) is encryptedto form the output of the iterative enciphering process O_(N). Theoutput of the of the iterative enciphering process O_(N) may then bedeciphered using key KB as the decryption key in data decryptionalgorithm (DEA(d)). The output of the deciphering process O_(N+1) isthen re-enciphered using key KA as the encryption key in a dataencryption algorithm (DEA(e)) to generate the output O_(N+2). Accordingto some embodiments, the output O_(N+2) can be used as the transactioncryptogram 820.

It should be noted that in some embodiments, the encryption function 900described with reference to FIG. 9 can be used to generate theauthentication code that is used in the post-payment verificationprocess and/or the account parameters replenishment process, forexample, by applying the encryption function 900 over at least thetransaction verification log stored on the portable communicationdevice. In some embodiments, the encryption function 900 described withreference to FIG. 9 can also be used for any of the encryption functions806, 812, 818, and/or 824.

VIII. Exemplary Methods

FIG. 10 illustrates an exemplary flow diagram of a method 1000 forenhancing the security of a communication device (e.g., a portablecommunication device) when conducting a transaction using thecommunication device, according to some embodiments. Process 1000 can beperformed, for example, by a mobile application executing on a portablecommunication device, and can be performed without using a secureelement (although a secure element can be used in some embodiments).

At block 1002, a communication device may receive a limited-use key(LUK) that is associated with a set of one or more limited-usethresholds that limits the usage of the LUK. The LUK may be receivedfrom a remote computer (e.g., a remote computer associated with MAP,CBPP, or issuer/host system). In some embodiments, the set of one ormore limited-use thresholds may include at least one of a time-to-liveindicating a time duration that the LUK is valid for, a predeterminednumber of transactions that the LUK is valid for, and/or a cumulativetransaction amount indicating the total transaction amount that the LUKis valid for. In some embodiments, the set of one or more limited-usethresholds may include an international usage threshold and a domesticusage threshold.

According to some embodiments, the communication device may alsoreceive, with the LUK, a key index that includes information pertainingto generation of the LUK. For example, the key index may include timeinformation indicating when the LUK is generated, a replenishmentcounter value indicating the number of times the LUK has beenreplenished, a pseudo-random number that is used as a seed to generatethe LUK, a transaction counter value indicating the number oftransactions that has been previously conducted by a mobile applicationof the communication device at the time the LUK is generated, and/or anycombination thereof.

At block 1004, a transaction (e.g., a payment transaction, accesstransaction, or other transaction that is performed using an account)can be initiated, for example, by placing the communication device inproximity to a contactless reader of an access device such as a POSterminal. At block 1006, the communication device may generate atransaction cryptogram using the LUK. At block 1008, the communicationdevice may send the transaction cryptogram to the access device toconduct the transaction. In some embodiments, the commination device mayalso send a token (e.g., a substitute for an account identifier) insteadof a real account identifier to the access device to conduct thetransaction. In some embodiments, process 1000 does not use a secureelement to store the token or the LUK in the communication device. Thetransaction can be authorized based on at least whether usage of the LUKhas exceeded the set of one or more limited-use thresholds and/orverification of the transaction cryptogram.

At block 1010, after conducting the transaction, process 1000 maydetermine if the set of one or more limited-use thresholds associatedwith the LUK has been exhausted or exceeded (or is about to be exhaustedor exceeded). If it is determined that the set of one or morelimited-use thresholds associated with the LUK has not been exhausted orexceeded (or is not about to be exhausted or exceeded), process 1000 maycontinue to block 1004 to conduct another transaction.

If it is determined that the set of one or more limited-use thresholdsassociated with the LUK has been exhausted or exceeded (or is not aboutto be exhausted or exceeded), the communication device may send areplenishment request for a new LUK to the remote computer at block1012. The replenishment request may be sent in response determining thatthe set of one or more limited-use thresholds associated with the LUKhas been exhausted, or in response to determining that a nexttransaction conducted with the LUK will exhaust the set of one or morelimited-use thresholds. In some embodiments, the replenishment requestmay be sent in response to receiving a push message requesting thecommunication device to replenish the LUK

The replenishment request may include transaction log informationderived from a transaction log (e.g., a transaction verification log)stored on the communication device. In some embodiments, the transactionlog stored on the communication device may include, for each transactionconducted using the LUK, a transaction timestamp indicating the time ofthe corresponding transaction, an application transaction counter valueassociated with the corresponding transaction, and/or a transaction typeindicator indicating whether the corresponding transaction is a magneticstripe based transaction or an integrated chip based transaction. Insome embodiments, the transaction log information sent to the remoteserver or computer may include an authentication code computed over atleast the transaction log using the LUK. If the transaction loginformation in the replenishment request matches the transaction loginformation at the remote computer, process 1000 may continue to block1002, and communication device may receive a new LUK and a new key indexassociated with the new LUK.

FIG. 11 illustrates an exemplary flow diagram of a method 1100 forenhancing the security of a communication device when conducting atransaction using the communication device, according to someembodiments. Process 1100 can be performed, for example, by a computerassociated with CBPP or issuer.

At block 1102, account information associated with an account isencrypted using a first encryption key to generate a second encryptionkey. In some embodiments, the account information may include an accountidentifier such as a PAN, an alternate account identifier such as analternate PAN, or a token that is a substitute for an accountidentifier. In some embodiments, the first encryption key may be amaster derivation key associated with the issuer of the account.According to some embodiments, encrypting the account information togenerate the second encryption key may include encrypting the accountinformation using the first encryption key to generate a first portionof the second encryption key, inverting the account information, andencrypting the inverted account information using the first encryptionkey to generate a second portion of the second encryption key. In someembodiments, the second encryption key may be a unique derivation keyfor the account

At block 1104, key index information is encrypted using the secondencryption key to generate a limited-use key (LUK). The key indexinformation may include a key index having information pertaining togeneration of the LUK. For example, the key index information mayinclude a counter value indicating the number of times that the LUK hasbeen renewed or replenished in a predetermined time period and/or timeinformation indicating when the LUK is generated. In some embodiments,encrypting the key index information to generate the LUK may includepadding the key index with a first value to generate a first padded keyindex information, and encrypting the first padded key index informationto generate a first portion of the LUK. Encrypting the key indexinformation to generate the LUK may also include padding the key indexwith a second value to generate a second padded key index information,and encrypting the second padded key index information to generate asecond portion of the LUK.

At block 1106, process 1100 associates the LUK with a set of one or morelimited-use thresholds that limits the usage of the LUK. At block 1108,the LUK and the key index are provided to a communication device (e.g.,a portable communication device) to facilitate the generation of atransaction cryptogram for a transaction conducted using thecommunication device. The transaction may be authorized based on the LUKand the transaction cryptogram (e.g., whether usage of the LUK hasexceeded the set of one or more limited-use thresholds and/orverification of the transaction cryptogram).

In some embodiments, when the transaction is an integrated chip basedtransaction, the transaction cryptogram may be generated by encipheringtransaction information (e.g., dynamic transaction information such asterminal transaction data received from an access device during atransaction) using a first portion of the LUK, deciphering theenciphered transaction information using a second portion of the LUK,and re-enciphering the deciphered transaction information using thefirst portion of the LUK.

When the transaction is a magnetic stripe based transaction, thetransaction cryptogram may be generated by encrypting a predeterminednumeric string using the LUK, and decimalizing the encryptedpredetermined numeric string. In some embodiments, decimalizing theencrypted predetermined numeric string may include extracting numericdigits from the encrypted predetermined numeric string to form a firstdata block, extracting hexadecimal digits from the encryptedpredetermined numeric string and converting each extracted hexadecimaldigit into a numeric digit to form a second data block, andconcatenating the first data block and the second data block to form thetransaction cryptogram. The transaction cryptogram and/or the key indexcan be embedded in track-2 equivalent data of an authorization requestmessage.

IX. Cloud-Based Payments Platform (CBPP)

This section describes additional details of some of the functionalitiesthat can be performed by the cloud-based payments platform (CBPP) (e.g.,CBPP 180). In some embodiments, these functionalities may include keymanagement, active account management and account parametersreplenishment, payment and payment transaction processing, verificationfor payment, provisioning, lifecycle management, and post-paymentverification. Communications between CBPP and mobile applicationplatform (MAP) can be established using secure channels such as thoseadhering to transport level security (TLS) protocol, time bound securesockets layer (SSL) protocol, or hypertext transfer protocol secure(HTTPS) protocol. Communications between CBPP and the issuer/host systemcan be established using secure channels adhering to the securityrequirements of issuer.

Key Management

The issuer of an account may use a dedicated set of keys (e.g., MDKs)per bank identification number (BIN) range or per primary account number(PAN) range for cloud-based payment transactions in order to avoidsituations where the same keys are used for both secure element basedand cloud-based transactions. A MDK can be used as a base key togenerate the LUKs that are provided to a portable communication device.In some embodiments, CBPP may provide its own set of issuer MDK keys(specific for the cloud-based environment) which are stored in its ownhardware security modules. In some embodiments, instead of using its ownset of MDKs to generate LUKs, CBPP may make calls to the issuer/hostsystem to retrieve LUKs stored in hardware security modules of theissuer/host system.

Active Account Management and Account Parameter Replenishment

The cloud-based payments techniques described herein do not require theuse of a secure element to securely store data such as a unique derivedkey (UDK). As such, the portable communication device may not haveaccess to all the capabilities associated with a secure element, such asthe capability to generate application cryptogram (AC) for transactionsusing only securely stored information. In order to mitigate the risk ofaccount parameters being compromised, limited-use account parameters canbe generated by CBPP periodically and replenished in the mobileapplication of the portable communication device as well as refreshed inthe issuer/host system in order to maintain the account in the activestate.

For the active account management process to be initiated, CBPP mayreceive a request for account parameters generation from MAP or theissuer/host system. For example, MAP may request a new set of accountparameters such as a limited-use key and associated key index from CBPPin response to a request for account parameters data update from themobile application. As another example, the issuer/host system maycheck, during transaction processing, if the current set of accountparameters is still valid (e.g., being used within its limited-usethresholds such as the number of allowed transactions, the time-to-live,etc.). In case the threshold for a given risk setting gets exceeded, theissuer/host system may alert CBPP that a new set of account parametersis to be updated in the mobile application.

In response to a request, CBPP may generate a set of account relateddata. The account related data may include semi-static accountinformation and dynamic account parameters that changes with eachreplenishment such as a LUK that may be used by the mobile applicationto generate a transaction cryptogram (e.g., an application cryptogram(AC)) when the portable communication device is presented to contactlessreader of access device. The account parameters may be account specific(e.g., different account parameters for different accounts of the user),portable communication device specific (e.g., different accountparameters for different portable communication devices of the user,even when the underlying account is the same), and/or mobile applicationspecific (e.g., different account parameters for different mobileapplications, even when the different mobile applications are within thesame portable communication device).

The set of account related data may also include risk managementparameters (e.g., limited-use thresholds such as number of consecutivetransactions allowed and time-to-live) that will indicate to issuer/hostsystem how it is supposed to use the transaction data. The riskparameters may be account specific (e.g., all cloud-based transactionsconducted with an account are consolidated for assessment of riskparameters), portable communication device specific (e.g., allcloud-based transactions conducted with a particular portablecommunication device are consolidated for assessment of riskparameters), mobile application specific (e.g., all cloud-basedtransactions conducted via a particular mobile application areconsolidated for assessment of risk parameters), and/or accountparameters specific (e.g., each set of account parameters has its ownset of risk parameters).

In some embodiments, the issuer/host system may implement its own set ofrisk limits or limited-use thresholds that is applied per account tohave a consolidate view of all transactions performed on the account,because the same account can be provisioned in different mobileapplications which may have their own risk limits, while alltransactions conducted by the different mobile applications using thataccount may be authorized by the same issuer/host system. The riskmanagement parameters can be pre-defined in both the mobile applicationand the issuer/host system, or can be managed separately by othersystems, so that CBPP may not need to generate them. The set of accountrelated data may also include device threshold management parametersthat are used to trigger the update of account parameters in the mobileapplication as well as to update risk management parameters the inissuer/host system when possible.

The mobile application may store or receive from the cloud a number ofrisk management parameters (e.g., limited-use thresholds) that triggerthe update of the current set of account parameters. When accountparameters are close to the point when they become out of date (e.g.,when it is that a next transaction conducted with the LUK will exhaustthe set of one or more limited-use thresholds), the mobile applicationmay request an update from CBPP via MAP to replenish account parameters.The device threshold management parameters monitored by the mobileapplication may include, for example, a number of transactions with agiven set of account parameters that can be performed before the accountparameters need to be updated (e.g., five transactions). Mobileapplication may send an alert to the mobile wallet platform before thislimit gets exceeded in order to let portable communication device beused for one or more transactions before they start to get declined(e.g., the alert can be sent after four transactions to allow portablecommunication device to be used for one more transaction). Hence, if theaccount parameters are valid for a predefined number of transactions inthe CBPP risk management parameters, then the number of transactions forthe on-device threshold management parameters managed by mobileapplication can be configured with a threshold lower than the value inCBPP to trigger replenishment.

The device threshold management parameters may also include atime-to-live for a given set of account parameters before they need tobe updated (e.g., five days). Mobile application 114 can notify themobile wallet platform before this limit gets depleted in order torequest a new set of account parameters (e.g., after four days). Hence,if account parameters have an expiration time in the CBPP, then thevalue of the time-to-live for on device threshold management parametersmanaged by mobile application can be configured with a threshold beforethat specified time in the CBPP to trigger replenishment. In someembodiments, the device threshold management parameters may also includebut not limited to: a use transaction amount for the mobile applicationto make a decision whether account parameters should be updated or not(e.g., smaller transaction amounts may not require an immediate updateof the account parameters); a cumulative transaction amount as thetrigger for account parameters update based on the sum of individualtransaction amounts; and/or a domestic versus international risksettings in order to trigger updates for international transactions moreoften in case they are considered more risky.

Since the account parameters are intended for limited use, additionalrisk management parameters specific to the cloud-based environment maybe implemented and performed by the issuer/host system. These riskmanagement parameters can either be provided to the issuer/host systemby CBPP during active account management process, or they can be definedand managed separately. For example, the issuer/host system may verifythat the current set of account parameters (e.g., LUK and associated keyindex) can be used for only a limited number of times (e.g., five times)before the issuer/host system raises an alert to request CBPP togenerate a new set of account parameters to be replenished in the mobileapplication. The issuer/host system may also check that the current setof account parameters can only be used for a limited period of time(e.g., five days) before a new set of account parameters need to begenerated by CBPP and sent to the mobile application.

Additional risk management parameters checks such as individualtransaction amounts and cumulative total transaction amounts can also beperformed by the issuer/host system. For example, smaller transactionamounts may not require an immediate update of the account parameterswhile high value transactions may require updates more often. As anotherexample, when the cumulative total transaction amount based on the sumof individual transaction amounts gets exceeded, issuer/host system maynotify CBPP that a new set of account parameters needs to be generatedand replenished in mobile application. Domestic versus internationalrisk settings may also be checked to trigger updates for internationaltransactions more often in case they are considered more risky.

After CBPP receives a request for account parameters to be updated fromeither the MAP or the issuer/host system, CBPP can proceed with datageneration for a given account. CBPP may use its own set of issuer MDKkeys (specific for cloud-based environment) which it stores in its ownhardware security modules and generate the LUK derived from the MDKusing a newly generated key index, or CBPP may retrieve LUKs derivedfrom the MDK using the newly generated key index from issuer/hostsystem's hardware security modules.

After generating or otherwise retrieving the new set of accountparameters, CBPP may send the account parameters to the entities thathave requested it. MAP may receive the new set of account parameters anddevice threshold management parameters, and further send it to themobile application. In some embodiments, the set of risk parameters orlimited-use thresholds for a given account may change over time, and thenew set of account parameters may have different thresholds than theprevious set of account parameters. The threshold limits may change, forexample, based on consumer spending habits, or if the consumer istravelling abroad. The issuer/host system may also receive the new setof account parameters from CBPP. In some embodiments, CBPP may bedisconnected from the issuer/host system or may not be real-timeconnected. In this case, the issuer/host system may use a time stamp inthe authorization message to determine when the data has been generated.In particular, the key index may be generated to contain the notion ofthe date when the account parameters were generated.

After MAP and the issuer/host system receive the new set of accountparameters and device threshold management parameters from CBPP, theymay perform certain actions. MAP may deliver and apply the new set ofaccount parameters to the mobile application over a communicationnetwork. After the set of account parameters gets replenished in themobile application, the old set of set of account parameters becomesobsolete and can be deleted from the mobile application. If MAP isunable to communicate to the mobile application immediately, it may keeptrying to do so until communication to the mobile application isestablished; otherwise the issuer/host system may start decliningtransactions that are performed with the old set of account parametersfrom that point of time. In some embodiments, MAP may receive aconfirmation from the mobile application that the account parametershave been updated in order to notify the issuer/host system to startusing the new set of account parameters. The issuer/host system may alsoupdate risk management parameters for a given set of account parametersas soon as it gets an update. In case the issuer/host system received anupdate from CBPP directly real-time or with a certain delay, it mayrefresh risk management parameters for the new set of accountparameters, for example, if the issuer/host system receives aconfirmation form CBPP that the new set of data has been successfullyapplied to the mobile application. In case the issuer/host systemdoesn't receive an update directly from CBPP, the issuer/host system mayreceive the new set of account parameters in the first transactionconducted with portable communication device after the update. At thatmoment, the processing authorization system may activate the new riskmanagement parameters for the new set of account parameters and apply adifferent policy or obsolete the old set of account parameters.

The issuer/host system may operate in sync with CBPP and consequentlywith MAP to ensure that the transaction data processing process issynchronized with the account parameters generation process. The datageneration system and data host processing system may also usealgorithms, time stamps and other mechanisms to ensure that the data inthe issuer/host system and the mobile application are consistent, up todate, and abide by the same risk model.

Payment and Payment Transaction Processing

When the payment transaction is initiated at an access device and thenprocessed by the processing authorization system, the mobile applicationand the issuer/host system may take additional actions to process thecloud-based transaction. When the payment transaction occurs, and theportable communication device and contactless reader exchange data, themobile application may use the LUK or together with it associated keyindex stored in the mobile application to generate a transactioncryptogram (e.g., an application cryptogram (AC)). From the readerperspective, the transaction may look like a regular contactlesstransaction. For an integrated chip based transaction, the access devicemap provide an unpredictable number (UN) that is used for thetransaction cryptogram generation. For a magnetic stripe basedtransaction, the transaction cryptogram may be generated by the mobileapplication without using input from access device. In some embodiments,a dynamic card verification value (dCW) may be omitted.

After the mobile application sends the transaction cryptogram and othertransaction data to the access device, the mobile application may checkthat the account parameters are still valid by checking the on-devicethreshold management parameters (e.g., on-device limited-usethresholds). The mobile application may alert MAP when the devicethreshold management parameters are exceeded and request a new set ofaccount parameters from CBPP. The mobile application may check that evenif the account parameters have not been updated in the mobileapplication, that the old set of account parameters can still be used insubsequent transactions in order to let the issuer/host system makes theauthorization and risk decision.

After the interaction between the mobile application and the accessdevice takes place, the transaction data is passed by the merchant andacquirer to the issuer/host system. When the issuer/host system receivesthe transaction data in the authorization request message, theissuer/host system may validate the transaction cryptogram and othertransaction data, convert an alternate account identifier or tokenassigned into a real account identifier (e.g., a real PAN) if necessary,perform risk parameter checks, and verify the account is in a goodstanding. The issuer/host system may verify that the data in particularthe transaction cryptogram and key index are still valid for a givenaccount by checking risk management parameters. CBPP may be alerted whenrisk management parameters are exceeded and request a new set of accountparameters from CBPP to be replenished in mobile application via theMAP. Even if the account parameters have not been updated in the mobileapplication, the issuer/host system may verify that the old set ofaccount parameters can still be used in the subsequent transactions incase the issuer believes that this risk is acceptable for a givenaccount, BIN or PAN range or specific transaction environment (e.g.,domestic vs. international).

Although the account parameters may have been exceeded from the point ofview of the issuer/host system because they haven't been updated in themobile application, the issuer/host system may allow the transaction andprovide some level of tolerance. CBPP may be notified that theissuer/host system may start declining further transactions if theaccount parameters are not updated in mobile application. Thresholds areset for each of the risk management parameters in the issuer/host systemsuch as the number of transactions and time to live that would allowCBPP to be notified in advance before the actual risk managementparameters are exceeded. This may give additional time to CBPP togenerate a new set of account parameters and let MAP to replenish theaccount parameters in mobile application.

Verification for Payment

To conduct a transaction, the consumer may activate the portablecommunication device before presenting portable communication device tocontactless reader in order to proceed with the transaction. In someembodiments, activation of the portable communication device may involvethe consumer entering input for a consumer device cardholderverification method (CDCVM) on the user interface of the portablecommunication device. Depending on the mobile application configuration,the CDCVM may be at the device level (e.g., screen lock) or at themobile application level (e.g., application password/passcode). Themobile application may be set up to use a CDCVM on every transaction, oron every transaction greater than a certain transaction amount. If themobile application is configured to use the CDCVM, the consumer may beprompted to enter an input corresponding to the CDCVM for authenticationbefore or during the mobile payment transaction. If a CDCVM is used on atransaction and the CDCVM was obtained before presentment of theportable communication device to contactless reader, the transaction mayproceed to completion. If a CDCVM is used on a transaction and the CDCVMwas not obtained before presentment of the portable communication deviceto the contactless reader, the transaction process may depend upon themerchant access device version.

CBPP may provide a set of functions where issuer can set the CDCVM, andthis CDCVM configuration information (e.g., screen lock, passcode, etc.)is provisioned to the mobile application. CBPP may support the issuerCDCVM requirements, and allow the issuer to configure the CDCVM data inthe provisioning data. In some embodiments, the issuer/host system maydetermine if an input corresponding to a CDCVM was entered. Where aninput corresponding to a CDCVM is captured by the device, the result canbe passed to the issuer/host system in the authorization message fortransaction processing.

Provisioning

CBPP may provide a set of provisioning functions that allow cloud-basedaccount data to be sent to MAP. CBPP may manage the data per cloud-basedaccount and ensure the data is sent to MAP per request. CBPP may performdata preparation before sending to MAP, and support a provision functionwhere an issuer could initiate a request to replenish or update thecloud-based account data. CBPP may provide a provisioning function toprovision account parameters data to MAP per account holder, and prepareand package the data before sending to MAP. For example, CBPP mayprovide a function to provision the semi-static data portion (e.g.,account identifier or token) and the dynamic data portion (e.g., LUK andkey index) to MAP. CBPP may maintain a state machine per account andprovide push or pull functionality to/from MAP for initiating aprovisioning/replenishment request. CBPP may provide a replenishmentfunction to provision account parameter data to MAP per account holder.CBPP may provide a provisioning/replenishment functionality with pushfeatures from the issuer. CBPP may provide provisioning/replenishmentfunctionality that supports a single account which could be initiated byMAP or the issuer/host system. In some embodiments, CBPP may provideupdated account parameters as part of a provisioning/replenishmentrequest only if invoked by the mobile application.

Life Cycle Management

Lifecycle management is a set of functions which perform accountlifecycle events. CBPP may receive and process lifecycle event messagesfrom MAP or from the issuer/host system. For some cases, the lifecyclerequest can be initiated by the consumer as in the case of deleting anaccount from the mobile application or blocking an account from theissuer to handle fraud activity. CBPP 180 may perform lifecyclemanagement functions per account, and provide account lifecycle eventssuch as adding, deleting, suspending, and resuming suspended accounts.In some embodiments, account lifecycle events may include replacing orblocking accounts, and/or managing lost or stolen accounts. CBPP mayprovide an interface for MAP and/or the issuer/host system to perform alifecycle update of a consumer account. The query may triggerprovisioning or replenishment of new account parameters. In someembodiments, CBPP may act on the lifecycle events such as deleting orsuspending accounts upon such a request immediately. CBPP may providenotification of all lifecycle events to impacted systems, such as theissuer/host system and MAP.

Post-Payment Processing

Post payment verification may mitigate the risk against counterfeitaccount parameters. It may also reduce the exposure on accountparameters stored on the portable communication device, e.g. theissuer/host system can perform periodic verification, which limits theexposure associated with account parameters stored on the portablecommunication device. CBPP may define a protocol to exchange postpayment verification messages. The post payment verification protocolmay be based on real time interfaces and may follow transport levelsecurity (TLS). Either issuer/host system and/or CBPP can trigger thepost payment verification message exchange. CBPP may provide options forissuers to configure the post payment verification parameters, whichtriggers the post payment verification message exchange with CBPP. Forexample, an issuer may configure the parameters such that CBPP triggersthe post payment verification on transactions above a threshold (e.g.,$100). Issuer may configure the parameters such that CBPP triggers thepost payment verification on every renewal of account parameters orafter a number of renewals (e.g. after five renewals). In someembodiments, an issuer may configure the parameters such that theissuer/host system initiates the post payment verification. In thiscase, CBPP facilitates messages exchange between the issuer/host systemand the mobile application.

In some embodiments, CBPP may refrain from taking any action based onthe results of verification, and may instead informs the issuer/hostsystem about suspicious activity. The issuer/host system may decide anappropriate action based on their process and risk profile of theaccount. CBPP may support post-payment processing handling using atransaction verification log to verify whether the appropriate devicemade a payment. CBPP may support post-payment processing handling usingthe transaction verification log to verify whether the appropriatedevice is initiating the request for account parameters replenishment,e.g., by verifying that the transaction log for a given set of accountparameters stored on the portable communication device matches thetransactions at the issuer/host system. CBPP may provide options toconfigure thresholds to triggers post payment verification messages fromCBPP. CBPP may take life cycle management action based on the results ofpost payment verification. If verification fails, then CBPP may informthe issuer/host system about the suspicious activity. CBPP may provideadditional information, such as location information about a transactionor unique device identifiers, in the transaction verification log.

X. Mobile Application Platform (MAP)

This section describes additional details of some of the functionalitiesthat can be performed by the mobile application platform (MAP) (e.g.,MAP 170). According to some embodiments, MAP may manage the mobileapplication and intermediate communications between CBPP and the mobileapplication. MAP may support cloud-based payment interactions such asenrolling into a cloud-based payment service, provisioning cloud-basedpayment accounts, active account management (i.e., account parameterreplenishment, account lifecycle management, and post paymenttransaction verification log requests. MAP and CBPP may communicateusing a secure transport channel such as time bound SSL or HTTPS. MAPand CBPP may exchange secure web service message by using Web ServicesSecurity (WSS).

To communicate with the mobile application, MAP may authenticate theuser, the portable communication device, and/or the mobile applicationusing single or multifactor authentication to establish a secure channelbetween the mobile application and MAP. In support of this, MAP mayestablish an account with the consumer with a unique username andpassword. The password can be stored and verified by MAP. The consumercan create their mobile application credential (username/password) viathe enrollment process. In some embodiments, this username and passwordmay be different or the same as the portable communication deviceverification or CDCVM.

Enrollment and Account Provisioning

MAP may forward account and consumer enrollment data received from themobile application to CBPP or the issuer/host system for validatingenrollment requests and performing issuer defined identification andverification processes. The issuer may be involved in the enrollmentprocess (e.g., the issuer makes the accept/decline enrollment decisionor delegates the decision to a third party under pre-definedconditions). In both cases, the issuer may be in control of the criteriaand specifically defines account verification methods and the consumerauthentication methods. MAP may support the receipt of an enrollmentrequest and associated enrollment data from the mobile application.

MAP may route the enrollment request and associated data to CBPP and/orthe issuer/host system. Upon successful enrollment, MAP may initiate aprovisioning request with CBPP. If provisioning is successful by CBPP,MAP may receive the data from CBPP to configure the new cloud-basedpayment account in the mobile application. MAP may receive aprovisioning confirmation or failure notification from the mobileapplication. MAP may route the confirmation or failure notification fromthe mobile application to CBPP and/or the issuer/host system. Ifprovisioning is not successful by CBPP, MAP may receive an enrollmentfailure notification from CBPP, and MAP may route the provisioningfailure notification to the mobile application. The mobile applicationmay display an appropriate message to the consumer.

Active Account Management

In order to mitigate the risk of the account parameters beingcompromised, account parameters are periodically generated by CBPP (orby the issuer/host system) and replenished in the mobile application aswell as refreshed in the issuer/host system in order to maintain theaccount in the active state. For the active account management processto be initiated, CBPP may receive a replenishment request for newaccount parameters from the mobile application through MAP. CBPP mayalso act upon a replenishment request received from the issuer/hostsystem. MAP acts as a broker and routes the communications to and fromthe mobile application and to and from CBPP for active accountmanagement interactions.

In a pull implementation, MAP receives an account parameterreplenishment request from the mobile application. Before initiating therequest message exchange from the mobile application, MAP may establisha secure communication channel. After receiving the replenishmentrequest, MAP forwards the replenishment request message to CBPP. Afterprocessing the replenishment request, CBPP sends new account parametersto MAP, which then forwards them to the mobile application. Ifnecessary, MAP may re-establish a secure connection with mobileapplication. If MAP is not successful in sending the account parametersreplenishment response from CBPP to the mobile application after apre-determined number of attempts in a time window, MAP may notify CBPPthat the account parameter replenishment delivery attempt was notsuccessful.

In a push implementation, CBPP (or the issuer/host system) initiates theprocess to update the account parameters. CBPP sends a push message toMAP to initiate the replenishment push. MAP then sends the push messageto the mobile application. The mobile application then generates theaccount parameter replenishment request per the pull flow describedabove. Before initiating the exchange of sensitive information, MAP mayperform user, portable communication device, and/or application levelauthentication per security requirements. If MAP is not successful insending the account parameters replenishment response from CBPP to themobile application after a pre-determined number of attempts in aspecified time window, MAP may notify CBPP that the account parameterreplenishment attempt was not successful.

Upon the mobile application receiving and processing the new set ofaccount parameters from either the push or pull implementations, mobileapplication may generate a status or confirmation notification to MAP,which then forwards the status or confirmation notification to CBPP.

Lifecycle Management

When a consumer initiates account deletion, MAP may facilitate a deletemessage exchange from the mobile application to CBPP and the issuer/hostsystem. MAP may delete the account data associated with the account fromits database, and forward the delete message from the mobile applicationto the CBPP.

When an issuer initiates account deletion, MAP may facilitate a deletemessage exchange from CBPP or the issuer/host system to the mobileapplication. The issuer/host system may send a delete request to CBPP orto MAP. MAP may forward the delete message from the issuer/host systemor CBPP to mobile application. MAP may send an acknowledgement to CBPPor the issuer/host system after receiving the acknowledgment from mobileapplication. MAP may ensure that account delete request is sent to theappropriate mobile application installed on the appropriate portablecommunication device. MAP may delete the data associated with thedeleted account from its records to ensure that the previouslyprovisioned account for the particular consumer's mobile applicationprofile is no longer an active cloud-based payments account.

When the issuer/host system or CBPP initiates account suspension, MAPmay facilitate a suspend message exchange from CBPP or the issuer/hostsystem to mobile application. The issuer/host system may send a suspendrequest to CBPP or to MAP. MAP may forward the suspend message from theissuer/host system or CBPP to mobile application. MAP may send anacknowledgement to CBPP or the issuer/host system after receiving theacknowledgment from the mobile application. MAP may ensure that accountsuspend request is sent to the appropriate mobile application installedon the appropriate portable communication device.

When the issuer/host system or CBPP initiates account resumption, MAPmay facilitate a resume message exchange from CBPP or the issuer/hostsystem to the mobile application. The issuer/host system may send aresume request to CBPP or directly to MAP. MAP may forward the resumemessage from the issuer/host system or CBPP to the mobile application.MAP may send an acknowledgement to CBPP or the issuer/host system afterreceiving the acknowledgment from the mobile application.

MAP may ensure that an account resume request is sent to the appropriatemobile application installed on the appropriate portable communicationdevice.

Post-Payment Processing

Post payment interactions can help issuers mitigate the risk of accountparameters being compromised and hence can help limit the exposure ofthe account parameters stored on the portable communication device. MAPmay support the receipt of information that gets captured from theon-device transaction verification log (e.g., corresponding to aparticular the key index) for the purposes of ensuring the veracity ofaccount parameters replenishment requests. The issuer/host systemworking in conjunction with CBPP has the option of initiating a request,through MAP, for transaction verification log data captured and storedby the mobile application. The mobile application may respond, via MAP,to the request with the requested transaction verification log data.This data can then be verified by the issuer/host system in order toconfirm if a particular transaction was originated by the queriedportable communication device. Examples of the data elements that may beused for this purpose may include, for each transaction conducted usingthe set of account parameters, the transaction time (e.g., contactlessinteraction time), application transaction counter (ATC) that counts thenumber of transactions conducted from mobile application, transactionamount, and/or terminal unpredictable number (UN) received from theaccess device during the transaction.

For the purposes of using transaction verification log to ascertainwhether a transaction was conducted from a certain portablecommunication device, MAP may receive a request for mobile applicationtransaction verification log data from the CBPP originated by theissuer/host system. For the purposes of using the transactionverification log to provide a degree of assurance to CBPP that therequest is originating from the appropriate portable communicationdevice, MAP may use information provided from the transactionverification log in account parameter replenishment requests from themobile application. MAP may identify and authenticate the portablecommunication device before transmitting or receiving post paymentinteraction messages to and from the mobile application.

XI. Mobile Application

This section describes additional details of some of the functionalitiesthat can be performed by the portable communication device and themobile application installed on the portable communication device usedto conduct cloud-based transactions. FIG. 12 illustrates a detailedblock diagram of a portable communication device 1201, according to someembodiments. Portable communication device 1201 may include devicehardware 1204 and memory 1202. Device hardware 1204 may include aprocessor 1205, a communications subsystem 1209, a use interface 1206, adisplay 1207 (which may be part of user interface 1206), and acontactless interface 1208. Processor 1205 can be implemented as one ormore integrated circuits (e.g., one or more single core or multicoremicroprocessors and/or microcontrollers), and is used to control theoperation of portable communication device 1201. Processor 1205 canexecute a variety of programs in response to program code orcomputer-readable code stored in memory 1202, and can maintain multipleconcurrently executing programs or processes. Communications subsystem1209 may include one or more RF transceivers and/or connectors that canbe used by portable communication device 1201 to connect with externalnetworks (e.g., communication network 192) and communicate with otherdevices. User interface 1206 can include any combination of input andoutput elements to allow a user to interact with and invoke thefunctionalities of portable communication device 1201. In someembodiments, display 1207 may be part of user interface 1206.

Contactless interface 1208 may include one or more RF transceivers tointeract with a contactless reader of an access device. In secureelement based implementations, only the secure element may have accessto contactless interface 1208. In the cloud-based payments techniquesdescribed herein, contactless interface 1208 can be accessed by themobile OS 1214 without requiring the user of a secure element. In someembodiments, display 1207 can also be part of contactless interface1208, and is used, for example, to perform transactions using QR codes,bar codes, etc.

Memory 1202 can be implemented using any combination of any number ofnon-volatile memories (e.g., flash memory) and volatile memories (e.g.,DRAM, SRAM), or any other non-transitory storage medium, or acombination thereof media. Memory 202 may store a mobile OS 1214 and amobile application environment 1210 where one or more mobileapplications reside including mobile application 1212 (e.g., a mobilewallet application, mobile payment application, etc.) to be executed byprocessor 1205. Mobile OS 1214 may implement a set of card emulationAPIs 1216 that can be invoked by mobile application 1212 to accesscontactless interface 208 to interact with an access device.

For cloud-based payments implementations, the payment system environment(e.g., PPSE) and mobile payment application functionalities areconsolidated into mobile application 1212, whereas secure element basedimplementations may provide some or all of these functionalities from asecure element. Mobile application 1212 may include cloud-based paymentslogic 1250. Cloud-based payments logic 1250 may include contactlesspayment logic 1258, proximity payment system environment (PPSE) logic1256, transaction verification log 1254, and account parametersthresholds 1252 (e.g., set of one or more limited-use thresholdsassociated with LUK 1242). Contactless payment logic 1258 may includefunctionalities that enable contactless communications to carried out toconduct a contactless transaction with a contactless reader of an accessdevice. PPSE logic 1256 is used to inform the access device whichpayment product is available on mobile application 1212. The accessdevice then uses this information to select the payment account toinitiate a contactless transaction. Transaction verification log 1254can be used for post-payment support. Mobile application 1212 maymaintain transaction verification log 1254 (can be hidden from theconsumer) retaining transaction details for transactions initiated frommobile application 1212. Mobile application 1212 may also use thetransaction verification log 1254 to support active account managementprocesses and post payment interactions. Account parameters thresholds1252 (e.g., limited-user thresholds) are initially configured and canpotentially be updated with different thresholds to inform mobileapplication 1212 when to initiate a request for updated accountparameters (e.g., time-to-live, number of transactions, cumulativetransaction amount, etc.).

Mobile application 1212 may also include account parameter storage 1240and mobile application platform (MAP) communications logic 1246. Accountparameter storage 1240 stores the account parameters (e.g., accountidentifier or alternate account identifier or token, LUK 1242, key index1244, etc.) that are used to initiate a cloud-based payment transaction.MAP communications logic 1246 is used to enable secure communicationswith a mobile application platform (MAP) in order to request, send, andreceive information to manage a user's cloud-based payment accounts.This may include logic to consume and process information for accountmanagement logic 1230.

Account management logic 1230 includes logic to process information forthe cloud-based payments services such as enrollment logic 1232,provisioning logic 1233, active account management logic 1236, lifecyclemanagement logic 1234, and post payment interactions logic 1238.Enrollment logic 1232 includes logic for a consumer to initiate theenrollment of an account to the cloud-based payment service.Provisioning logic 1233 includes logic to process the issuer data toconfigure the account into mobile application 1212, including theprovisioning of the initial account parameters. Active accountmanagement logic 1236 can be used to initiate a request with MAP toupdate the account parameters when account parameter thresholds havebeen exceeded. Lifecycle management logic 1234 may include logic toinitiate and process account lifecycle events such as consumer initiateddelete, issuer-initiated delete, issuer-initiated suspend, and/orissuer-initiated resume, etc. Post payment interactions logic 1238 isused to support payment verification. Post payment interactions logic1238 may include logic to receive and respond to requests from MAP fortransaction verification log 1254. Post payment interactions logic 238can also be used to support account parameters replenishment, and mayinclude logic to extract required information from transactionverification log 1254 to send to MAP as part of an account parameterreplenishment request.

Mobile application 1212 may also include mobile application features1220. Mobile application features 1220 may include consumer verificationmethods (CVM) logic 1224, payment modes 1222, and user settings 1226.CVM logic 1224 may include logic required to confirm a mobileapplication passcode or on-device verification method (e.g., screenlock), or other verification information method supported by mobileapplication 1212. Payment modes 1222 may include logic to supportvarious ways of setting up mobile application 1212 and portablecommunication device 1201 to be ready to initiate a transaction, and mayinclude support for Manual Mode and/or Always-On Mode.

Manual Mode is a state where mobile application 1212 is configured to beaccessible for making a payment after the consumer has explicitly chosento (1) open mobile application 1212, (2) entered user input for aconsumer verification method if required, and (3) selected an account tomake a contactless payment transaction and for a single transaction orlimited time. For Manual Mode, a decision can be made whether a consumerdevice cardholder verification method (CDCVM) will be required prior tomaking payment. If a CDCVM is used, then the two-tap scenario forhigh-value transactions may not be necessary. Conversely, to reducebarriers to use, if an issuer decides to opt for not asking for a CDCVMin Manual Mode, then the consumer will be able to conduct transactionsonce the conditions for Manual Mode operation are met. In this latterscenario, mobile application 1212 may support entry of CDCVM if a CDCVMis requested during a high value payment.

Always-On Mode is a state where an account on portable communicationdevice 1212 (a default account) is intended to be continuouslyaccessible to a contactless reader. A portable communication device withan account set in this state allows a consumer to initiate a contactlesspayment transaction by the presentation of the portable communicationdevice to a contactless reader. Always-On Mode may also support deviceverification (referred to below Always-On with On-Device VerificationMode). This setting allows for additional security. For example, theuser may have to unlock the portable communication device's userinterface or display screen before mobile application 1212 responds to acontactless reader attempting to initiate payment transaction.

FIGS. 13-15 illustrate the state machine of mobile application 1212 whenmobile application 1212 is in Manual Mode (FIG. 13), Always-On Mode(FIG. 14), and Always-On with On-Device Verification Mode (FIG. 15). Thevarious states shown in FIGS. 13-15 are described below.

Downloaded: The consumer downloads the application. The downloaded statecan be a transient state depending upon the application and OS design.If the consumer taps the portable communication device on a contactlessreader in this state, then no information is exchanged between theportable communication device and the reader.

Installed: The consumer performs the installation. If the consumer tapsthe portable communication device on a contactless reader in this state,then no information is exchanged between the portable communicationdevice and the reader.

Initialized: The consumer sets up an account with MAP but no paymentcard is added. If the consumer taps the portable communication device ona contactless reader in this state, then no information is exchangedbetween the portable communication device and the reader.

Active: The consumer adds a payment card and valid account parametersare provisioned in the mobile application. If the consumer taps theportable communication device on a contactless reader in this state,then the mobile application may respond per the Validate ProcessingMode.

Ready-to-Pay (Manual-Mode): The consumer activates a payment card tomake a payment. This is a transient state and the mobile applicationmust set up a timer to exit from the state. The mobile application movesto payment Sent state if the transaction is made or moves to Activestate if it times out, or moves to “CDCVM Input” if CDCVM input isrequired. If the consumer taps the portable communication device on acontactless reader in this state, then the mobile application initiatesthe contactless data exchange.

Ready-to-Pay (both Always-On Modes): The portable communication deviceis ready to initiate a transaction with a contactless reader. Theconsumer selects Always-On Mode in the mobile application. The mobileapplication moves to payment sent state if a transaction is made ormoves to CDCVM input state if CDCVM is required. If the consumer tapsthe portable communication device on a contactless reader in this state,then the mobile application initiates the contactless data exchange.

CDCVM Input: The contactless reader asks for a CDCVM. This is atransient state and the mobile application must set up a timer to exitfrom the state. The mobile application moves to the Second Tap state ifthe consumer enters a valid CDCVM, otherwise it moves to Active state(Manual Mode) or Ready-to-Pay (in both Always-On Modes) after the timerexpires. If the consumer taps the portable communication device on acontactless reader in this state, then no information is exchangedbetween the portable communication device and the reader.

Second Tap: The portable communication device is ready for second tap totransmit CDCVM verification information to a contactless reader. This isa transient state and the mobile application may set up a timer to exitfrom the state. The mobile application moves to the Payment Sent stateif the consumer taps the portable communication device on a contactlessreader, otherwise it moves to Active state (Manual-Mode) or Ready-to-Pay(in both Always-On Modes) after the timer expires. If the consumer tapsthe portable communication device on a contactless reader in this state,then it sends a CDCVM verification flag to a contactless reader.

Payment Sent: The consumer sends the payment payload to a contactlessreader. This is a transient state. If the consumer taps the portablecommunication device on a contactless reader in this state, then noinformation is exchanged between the portable communication device andthe reader.

Background: The mobile application is running in the background. If theconsumer taps the portable communication device on a contactless readerin this state, then the mobile application may respond per the ValidateProcessing Mode.

Not Running: The mobile application is not running on the portablecommunication device. If the consumer taps the device on a contactlessreader in this state, then no information is exchanged between theportable communication device and the reader.

Mobile Application Security

To provide additional security, mobile application 1212 may obfuscateand protect stored keys by an accepted mechanism, such as key wrapping.Code and data in the mobile application 1212 may be obfuscated in orderto protect the code against reverse engineering. Communications betweenmobile application 1212 and MAP that contain sensitive information canbe exchanged after the channel has been secured by MAP (e.g. using TLS).Mobile application 1212 may adhere to appropriate industry standards;such as FIPS-140-2. Error codes sent to the OS logging framework maydisclose only information that will not be of aid to an attacker. Eventlogs and debugging information may avoid exposing directly or indirectlyany credentials. Logged information can also be encrypted. Mobileapplication 1212 and MAP may provide mechanisms to detect, resist, andreport if the portable communication device is in debug mode. Devicestate including jail breaking, rooting, malware, mobile applicationruntime integrity, etc. can be checked prior to personalization andprovisioning of mobile application 1212, and when a new accountparameter are sent to mobile application 1212. If any compromises aredetected, mobile application 1212 can be deactivated, and thedeactivation reason relayed back to MAP. The mobile application securitycapabilities can be inherently built in mobile application 1212, anddependencies on the portable communication device and OS platformsecurity capabilities can be minimized. For a rooted or stolen device togain access, device fingerprinting and tools that support deviceanalysis and attestation can be used.

In some embodiments, MAP may authenticate the consumer and/or portablecommunication device 1201 using single or multifactor authentication.The storage/memory used to store the keys in mobile application 1212 maygo through a certification process. For example, root credential can begenerated. The input for generating root credential can be created fromhigh entropy attributes such as hard to clone functions (UFs) residenton the portable communication device and time-bound attributes receivedand stored from backend system. Subsequent credentials hosted in keystore can be extracted from a generated key encryption key (KEK). Usercredentials can be used as an input to generate a Root Credential andKEK. Obfuscated permutation logic can be provided as input to generatinga Root Credential and KEK. Obfuscated permutation logic can be based onxx-morphic (polymorphic, metamorphic) mechanisms. Credential store canbe time-bound and mutable. Extracted data-at-rest key from key store canbe encrypted and decrypted from yet another KEK when resident asdata-in-use. Binary attributes for application logic processing the keycan be provided as input (bind) to generate KEK for protectingdata-in-use. Data-in-use keys can be scrubbed through application logicprocessing keys. The following Protection Profiles (PP) can beestablished: PPs for KEK1 protected Key Store, PPs for KEK1 & 2generation logic, PPs for KEK2 protected data-in-use key, and/or PPs fordata-in-use key scrubbing.

Code and data in mobile application 1212 can be obfuscated in order toprotect the code against reverse engineering. The application logic thatalso drives key extraction can be certificated for tamper resistance forensuring protection of keys. The application logic hosting credentialsused to authenticate and the credentials themselves can be certificatedfor tamper resistance. Tamper resistance/detection mechanisms can beimplemented to preserve the integrity of the code/application logic.User credentials can be used as an input to encrypting sensitive partsof code logic. Obfuscated permutation logic can be provided as input togenerating a KEK. Obfuscated permutation logic can be based onxx-morphic (polymorphic, metamorphic) mechanisms. Code and applicationlogic can be time-bound and mutable. The following Protection Profiles(PP) can be established: PPs for tamper resistance/detection, PPs forobfuscation generation logic, PPs for ensuring measured initialization,and/or PPs for update

Mobile Application Launch and Account Preparation

On each consumer-initiated manual launch (i.e., through a hard or softkey, or from the device's mobile application environment 1210), mobileapplication 1212 may check and report to MAP if portable communicationdevice 1201 is in debug mode. Mobile application 1212 may check that thepayment accounts provisioned in mobile application 1212 are active andavailable, and check if the account parameter thresholds 1252 have beenexceeded and determine if an account parameter replenish request isrequired. Mobile application 1212 may check the device state, includingjail breaking, rooting, malware, mobile application runtime integrity,and if new account parameters are sent to mobile application 1212. Ifdevice or application compromise is detected, mobile application 1212may be deactivated and the deactivation reason relayed back to MAP.

If a payment account managed by mobile application 1212 is in asuspended state then the consumer can benefit from being presented withinformation to take the necessary action or to contact their issuer. Tomake a payment account provisioned in mobile application 1212 ready forpayment, the user may first select to pay using this payment account.This can be done in the following ways for each payment mode. In ManualMode, the user launches mobile application 1212, selects the card oraccount to use for payment, navigates to payment screen for the selectedcard or account and selects to pay. In Always-On Mode, the user selectsthe card or account to be used for payment as the default paymentaccount. For Always-On with On-Device Verification Mode, the userselects the card or account to be used for payment as the defaultpayment account. Once a card or account is selected for payment, mobileapplication 1212 may configure PPSE 1256 with appropriate accountdetails of the selected card or account. Once PPSE 1256 is configured,the selected card or account is ready for payment when the user tapsportable communication device 1201 on an access device or otherwisecommunicate with the access device.

Mobile Application User Verification

In some embodiments, mobile application 1212 may support userverification when interacting with MAP and/or interacting with an accessdevice. When interacting with MAP (e.g., provisioning or replenishmentof account parameters stored in account parameters storage 1240), aunique username and password may be verified by MAP, depending on thecontext of that interaction and the requirements of the issuer. Mobileapplication 1212 may also provide a list of the cardholder verificationmethods supported by mobile application 1212 to an access device wheninteracting with the access device. Cardholder verification methods thatare supported in the card environment, such as online PIN and signature,can also be supported by cloud-based payments.

Portable communication device 1201 may also have a specific category ofcardholder verification methods, referred to as consumer devicecardholder verification method (CDCVM). There are a number of differentmethods that can be used to provide the CDCVM for mobile application1212, which can include the same username/password utilized in theauthentication with MAP. The CDCVM method utilized by mobile application212 may provide different levels of security.

Cloud-based CDCVM performed through connection to an online service mayprovide the highest level of security. This could be the same as theusername/password used for authentication to MAP. However, if dataconnectivity is not present, this would result in a payment requiringCDCVM to fail. Hence, this option may be used in Manual Mode to preventa payment transaction failing midway through the two-tap process due tono data connectivity

On-device CDCVM performed at the portable communication device levelthrough the operating system may provide a better consumer experience.An example is the method required to unlock the portable communicationdevice screen. Mobile application 1212 receives an indication fromportable communication device 1201 when the CDCVM has been successfullyentered. Mobile application 1212 has no capability to change theon-device CDCVM. Mobile application CDCVM can be performed on openingand launching mobile application 1212. An example is entering a numericcode to open mobile application 1212. As a software-based CDCVM may beless secure than the other options, this method may be used incombination with a more secure option, such as with a cloud-based CDCVM,where the mobile application CDCVM is used when there is no dataconnectivity available.

User Settings

Mobile application 1212 may receive these options, or a subset thereof,in a suitable manner or assume a default for one or more of theseoptions. These options describe the general behavior of mobileapplication 1212. For example, user settings 1226 may include paymentmodes such as Manual, Always-On, or Always-On with On-DeviceVerification. User settings 1226 may include whether the consumer canmake changes to these initial preferences, how much time a consumer hasto make a payment in each mode, how much time a consumer has to enterpassword in a two tap transaction (may be applicable to higher valuetransaction scenarios), within what time period mobile application 1212should shut down if there has been no interaction from the consumer,etc. User settings 1226 may also support password change. The user maypopulate the consumer's chosen mobile application password by invoking apassword change process and provide the current or default password andthe consumer's newly chosen password. The consumer may choose thisoption to change previously chosen passcode/password. Mobile application1212 may prompt the consumer to enter the current password and newpassword (depending on the implementation and the manner in whichpasswords are masked or not, the consumer may be prompted to input thenew password twice to ensure correct entry). Mobile application 1212 mayreplace the old passcode/password with the new passcode/password. Thelocation of the passcode/password may be stored remote or local to thedevice.

If the consumer has chosen to modify the Always-On Mode settings, thePPSE 1256 may be configured appropriately (e.g., the file controlinformation (FCI) template can be updated with directory entry for thedefault payment account). This ensures that the default account is usedwhen portable communication device 1212 is brought in proximity to anaccess device when conducting transactions.

If on-device verification setting is turned on, mobile application 1212may ensure to not initiate a transaction until the verification methodhas been confirmed. The verification method in this case can be the oneset by the user for unlocking the phone. Upon successful verification,the cardholder verification method (CVM) verified field in mobileapplication 1212 may be set. The successful verification in this settingis then conveyed to the access device and eventually to the issuer viathe CVM verified field.

Mobile Application Interaction Events

The behavior of mobile application interaction events may depend onwhether the mobile application 1212 is currently running when this eventoccurs, or whether the receipt of the event by the underlying mobileapplication environment 1210 is the trigger that caused mobileapplication 1212 to launch. Depending on the capabilities of theunderlying mobile application environment 1210, mobile application 1212may be able to differentiate between different events.

The receipt of a push notification by the underlying mobile applicationenvironment 1210 can be targeted towards mobile application 1212. Mobileapplication 1212 can be reached in band via MAP to replenish accountparameters for the cloud-based account or push other data as may bedeemed necessary by the issuer and/or MAP. The communication channelwith MAP may also be used for issuers to send lifecycle managementevents such as suspend, resume, delete.

On shutdown, mobile application 1212 may ensure that the state of eachpayment account is in a suitable state. This may apply when mobileapplication 1212 is going through an expected shutdown sequence as wellas when mobile application 1212 is unexpectedly terminated. The previousaccount verification applied during manual launch may be reversed, andpayment account CDCVM verification indicators may be set to thenegative. Mobile application 1212 may ensure that the consumer's chosensettings are reflected and that the payment accounts are in theirregular idle states.

Mobile Application Shutdown/Clean Up

Mobile application 1212 may perform cleanup when it is closedunexpectedly (e.g., the portable communication device shuts off due tolow battery power) or on purpose. In any payment mode, mobileapplication 1212 may save the payment mode, account parameters,associated thresholds, and default card settings so that they areavailable when mobile application 1212 is launched again. Mobileapplication 1212 may terminate any ongoing transaction, close any opensession with the MAP, save transaction logs if shutdown was immediatelypreceded by a successful transaction, and free up any system and memoryresources being used by mobile application 1212. In some embodiments,mobile application 1212 may choose to set or reset the “CDCVMsuccessfully performed” flag, depending on how the CDCVM verificationlogic is implemented.

The implementation logic related to PPSE configuration may differ duringshutdown/cleanup depending on the payment mode selected when mobileapplication 1212 is shut down. In Always-On Mode, mobile application1212 may save the PPSE configuration so that the PPSE picks up thedefault card as the only active card for payment when mobile application1212 is launched again. In Manual Mode, the PPSE configuration may notbe saved upon shutdown. Instead, the PPSE may be re-populated when theconsumer selects a card to pay the next time mobile application 1212 islaunched. On mobile application 1212 shutdown, mobile application 1212may ensure that the consumer's chosen settings are reflected and thatthe payment accounts are in their regular idle states.

Navigating from the Mobile Application

When the consumer presses the portable communication device's homebutton or back button to move out of mobile application 1212 and thencome back to it, mobile application 1212 may continue running in thebackground and continue the operation being performed. Mobileapplication 1212 may apply restrictions for additional security, such astimeouts, to limit the time that it can continue running in thebackground. If a consumer puts mobile application 1212 in the backgroundwhile a transaction is in progress, mobile application 1212 may continuethe transaction processing.

Mobile Application Uninstall

As part of an uninstallation process, mobile application 1212 may clearany sensitive data such as keys, certificates, and account parameters.Mobile application 1212 may inform MAP so that CBPP and the issuer/hostsystem can execute the necessary lifecycle management processes foraccounts provisioned in mobile application 1212 at the time ofuninstallation. Mobile application 1212 may close any open session withMAP, terminate the ongoing transaction if present, and release anysystem and memory resources being used by mobile application 1212.

Account Enrollment

Mobile application 1212 may include enrollment logic 1232 to enroll/adda payment account into the cloud-based payment program, unless theissuer has provided another channel to accomplish this. The issuer maybe directly involved in the enrollment process (e.g., the issuerdirectly may make the accept/decline enrollment decision or delegatesthe decision to a third party under pre-defined conditions). In bothcases, the issuer may be in full control of the acceptance criteria andspecifically defines card account verification methods and consumerauthentication methods.

Enrollment logic 1232 may allow a consumer to input card details toinitiate a payment account enrollment. The details to capture may bedetermined by the issuer/host system and/or CBPP, but should besufficient to uniquely identify and verify the payment account. Theissuer/host system and/or CBPP can determine the method and informationrequired to authenticate the consumer who owns that account. Mobileapplication 1212 may send payment account enrollment data to MAP, whichwill then send and manage the account enrollment and accountverification process with the issuer/host system and/or CBPP.

If enrollment is successful, mobile application 1212 may receive fromMAP the data for provisioning the new payment account for payment,including a payment account application ID (AID), PPSE AID, paymentaccount issuer settings, payment account card art, account parameters,account parameter settings and thresholds, etc. If enrollment issuccessful, enrollment logic 1232 may provision the payment accountbased on the information received from MAP. Mobile application 1212 mayalso, as part of the configuration process, request the consumer to setan account verification method (e.g., a passcode), if it is not alreadyset. Upon completing the account configuration, mobile application 1212may display a message to the consumer that the enrollment wassuccessful. Mobile application 1212 may support and configure theaccount parameter thresholds as defined by the issuer/host system and/orCBPP. The account parameter thresholds may include a number oftransactions (i.e. cumulative number of transactions that would triggera replenish request for a specific payment account), time to live (i.e.amount of time to elapse before mobile application 1212 would trigger areplenish request for a specific payment account), and/or cumulativetransaction amount (i.e. total monetary amount across one or moretransactions conducted on a specific account before mobile application1212 would trigger a replenish request for that account). If enrollmentis not successful, mobile application 1212 may receive and process a thefailure notification and reason code, and display a message to theconsumer that the enrollment was not successful and request the consumertake any appropriate action.

Payment Using Mobile Application

Mobile application 1212 enables the user to perform contactlesstransactions at a contactless access device via portable communicationdevice 1201. Mobile application 1212 facilitates this by using theaccount parameters provided by CBPP to generate the data format toconduct payment transactions. To avoid consumer confusion as to wherethe payment will be allocated to, if there are multiple payment mobileapplications installed on portable communication device 1212, theconsumer may be required to choose which mobile application to use forthe payment. There are a number of options how this can be achieved. Theconsumer may, at the consumer's discretion, be able to set a defaultpayment mobile application in the mobile OS settings. The consumer maybe able to set a default payment product in a specific mobileapplication's settings. The consumer may be able to manually select apayment product within that mobile application. To ensure the consumerchoice is used, mobile application 1212 may present the selected paymentaccount to the access device. Mobile application 1212 may support eitherintegrated chip based transaction path or magnetic stripe basedtransaction path, depending on which type of transaction the accessdevice supports. Integrated chip based transaction is the default pathused with a chip card capable access device, and magnetic stripe basedtransaction is the default path used with a magnetic stripe only capableaccess device.

In some embodiments, mobile application 1212 may support multipleapplication identifiers (AIDs) for a single account. A single accountmay have multiple AIDs associated with it, for example, if a transactionconducted on that account can be processed by different paymentprocessing networks and/or if the account has different services,features, product-types, and payment capabilities associated with theaccount.

The multiple AIDs can be communicated to the access device to allow anaccess device to select a preferred AID to choose how the transaction isprocessed (e.g., which payment processing network) and/or what servicesor features can be associated with the transaction. The multiple AIDscan be populated in the directory entry for the PPSE, and communicatedto an access device for this purpose.

For example, a single account may have a common debit AID and a paymentprocessing network specific AID (e.g., a Visa AID) associated with thesingle account. These AIDs can be populated in the directory entry forthe PPSE, and the PPSE File Control Information (FCI) for each directoryentry may include an Issuer Identification Number (IIN) and an IssuerCountry Code (ICC). In some embodiments, the CVM for the debit AID canbe an online CVM (e.g., an online PIN), while the CVM for the paymentprocessing network specific AID can be a signature.

A contactless payment can be initiated by the consumer tapping portablecommunication device 1201 to a contactless reader (e.g., a NFC reader),or otherwise communicating with the contactless reader (e.g., displayinga QR code or bar code) of the access device. The access device mayrequest a cardholder verification method (CVM) for transactions above athreshold amount (e.g., transactions above $20). Mobile application 1212can support a number of different CVMs, including the mobile specificconsumer device cardholder verification method (CDCVM). Not all accessdevices may support CDCVM, and in those cases, an alternative CVM can berequested such as signature or online PIN.

An indication of successful CDCVM entry is sent during the paymenttransaction to the contactless reader. Mobile application 1212 mayconfigure the appropriate data in the account parameters at the time ofpayment when the CDCVM has been successfully confirmed. Whenever theCDCVM is successfully entered, mobile application 1212 may store thisinformation so the CDCVM verified indicator and CDCVM type indicator canbe set and passed to the contactless reader during the paymenttransaction. This may prevent the access device from prompting theconsumer for CDCVM entry at the access device. Mobile application 1212may have the capability to provide indication of a successful CDCVM whenrequested by a access device during a two-tap payment transaction.

When mobile application 1212 is locked due to inactivity, mobileapplication 1212 may store this information so the CDCVM verifiedindicator can be set to negative. If a contactless payment is initiatedin this state, the access device may prompt the consumer for CDCVMentry. Mobile application 1212 may provide the capability for CDCVMreset if it provides the consumer verification entry method for CDCVM.Mobile application 1212 may set a limit for number of consumerverification attempts, and locks mobile application 1212 if this limitis exceeded. For security purposes, issuers may request additionalconsumer verification before unlocking mobile application 1212. In someembodiments, mobile application 1212 may have a CDCVM that is notsynchronized with the online PIN of a companion card.

In Manual Mode, the consumer may open or launch mobile application 1212to enable payment functionality. When mobile application 1212 is opened,functionality can be enabled so the consumer can initiate a payment bytapping portable communication device 1201 to a contactless reader.Portable communication device 1201 may prevent the consumer fromperforming a transaction based on any accounts stored in mobileapplication 1212 if mobile application 1212 is not open and active asthe foreground application.

If the CDCVM indicator is not positive (i.e. a valid CDCVM entry has notyet been entered), mobile application 1212 can request CDCVM entry onopening. If this implementation path is selected, this may ensure theconsumer is not requested again for CDCVM entry during a paymenttransaction (i.e., avoid the two-tap scenario for high value payments).Conversely, if this implementation path is not selected, usability forthe consumer may be improved by omitting the request for CDCVM entry fortransactions below a high value limit, with the trade-off being theconsumer will be asked for the CDCVM entry if a high value payment isbeing conducted.

If there is more than one payment card or account available in mobileapplication 1212, the card or account selected as the default will bethe one used for a payment transaction, unless the consumer selects analternative card or account as active for payment. Once mobileapplication 1212 is open, PPSE 1256 may be populated and portablecommunication device 201 can initiate a payment transaction. Mobileapplication 1212 may display a message to the consumer indicatingportable communication device 1201 is “Ready to Pay.” Mobile application1212 may define a time limit for inactivity, which when exceeded, maylock mobile application 1212. This ensures the consumer remains incontrol of the payment functionality, and the Manual Mode does not morphinto Always-On Mode through inactivity. Mobile application 1212 can alsoenable the consumer to select a preferred time limit in settings.Depending on whether CDCVM is required or not, mobile application 1212can require CDCVM entry to unlock mobile application 1212 after beinglocked due to inactivity.

In Always-On Mode, contactless payment capability is available wheneverthe phone screen is active. The contactless capability (e.g., NFC) maybe available even if the phone screen is still in a locked state. Toensure consumers are aware of this capability and can opt-in to itsusage, mobile application 1212 may preclude setting Always-On Mode asthe default mode. Whenever the phone screen is active, PPSE 1256 can beactivated and populated, and portable communication device 1201 is ableto initiate a payment transaction. When the consumer initiates acontactless transaction with the screen in a locked state, thecontactless reader may request CDCVM entry. Where a device-level CDCVMis used, an icon indicator may be displayed on the notification bar, andthe phone screen needs to be unlocked. Mobile application 1212 may theninstruct the consumer to tap portable communication device 1201 to acontactless reader. Where a mobile application-level CDCVM is used, anicon indicator can be displayed on the notification bar. Mobileapplication 1212 may present the CDCVM entry screen to the consumer, andthen instruct the consumer to tap portable communication device 1201 toa contactless reader once a successful CDCVM has been entered.

In Always-On with Device Verification Mode, contactless paymentcapability is available whenever the phone screen is active andunlocked. The contactless capability is not available when the phonescreen is still in a locked state. Whenever the phone screen isunlocked, PPSE 1256 may be activated and populated, and portablecommunication device 1201 is able to initiate a payment transaction. Ifthe consumer attempts to initiate a contactless payment with the screenin a locked state, the contactless reader will not be able tocommunicate with portable communication device 1201, and so nothing willhappen on either the access device or on portable communication device1201. When the consumer initiates a contactless payment with the screenin an unlocked state, the contactless reader may request CDCVM entry.Where a device-level CDCVM is used, mobile application 1212 may instructthe consumer to tap portable communication device 1201 to thecontactless reader. Where a mobile application level CDCVM is used,mobile application 1212 may present the CDCVM entry screen to theconsumer, and then instruct the consumer to tap portable communicationdevice 1201 to the contactless reader once a successful CDCVM has beenentered.

When mobile application 1212 and the access device have completed thecommunications to provide the data to complete the transaction, mobileapplication 1212 may display a message indicating that the payment hasbeen sent. A contactless payment conducted using the integrated chipbased transaction path may provide mobile application 1212 with sometransaction data, such as transaction amount and merchant information.Mobile application 1212 can populate the payment sent message with thisinformation. A contactless payment conducted using the magnetic stripebased transaction path does not provide mobile application 1212 with anytransaction data. Following a payment, mobile application 1212 may checkthe account parameter thresholds, and determine if mobile application1212 needs to send a request for replenishment of the accountparameters.

Active Account Management

Active account management logic 1236 of mobile application 1212initiates and manages the request to replenish account parameters whenthe account parameter thresholds have been exceeded. In order tomitigate the risk of the account parameters stored in account parametersstorage 1240 from being compromised, account parameters can beperiodically generated by CBPP and replenished in mobile application1212 as well as refreshed in the issuer/host system in order to maintainthe account in the active state. For the active account managementprocess to be initiated, CBPP may receive a replenishment request fornew account parameters from mobile application 1212 through MAP. CBPP180 can also act upon a request received from the issuer/host system.

In some embodiments, active account management logic 1236 of mobileapplication 1212 can trigger the update or replenishment of the accountparameters through an account parameters replenishment pull process.Active account management logic 1236 may attempt to initiate the accountparameters replenishment flow at the time the consumer launches mobileapplication 1212, or after a transaction has been completed, and theaccount parameter thresholds 1252 have been exceeded. Upon receiving anupdated set of account parameters, mobile application 1212 may processthe account parameters payload and make the new account parametersavailable for payment. Upon successfully processing the new set ofaccount parameters, mobile application 1212 may generate a notificationto MAP. MAP may notify CBPP that the account parameters weresuccessfully delivered to mobile application 1212. Note that updatedaccount parameters can be accompanied with a new set of device thresholdmanagement parameters (e.g., different limited-use thresholds than theprevious set of account parameters) that an issuer may want to use whenthe customer is in different environments (e.g. outside of the domesticmarket). Before initiating the exchange of sensitive information, MAPmay perform user, device, and application level authentication.

The update or replenishment of the account parameters can also beperformed with an account parameter replenishment push process. In thisflow, CBPP initiates the process to update the account parameters. CBPPsends a push message to MAP to initiate the replenishment push. MAP maythen sends a push message to mobile application 1212. Mobile application1212 then generates the account parameter update request per thereplenishment pull flow described above. Before initiating the exchangeof sensitive information, MAP may perform user, device, and applicationlevel authentication. If a user level authentication is used becauseprevious authentication has expired, then mobile application 1212 maycache the request until the consumer opens mobile application 1212 andperforms a user level authentication. After the successfulauthentication, mobile application 1212 follows the same procedure as inthe replenishment pull flow. If user level authentication is not neededbecause the previous authentication has not expired, mobile application1212 can immediately follow the same procedure as in the replenishmentpull flow.

Upon receiving an updated set of account parameters, active accountmanagement logic 1236 may check the validity of the new accountparameters, make the new account parameters available for payment, resetthe account parameters thresholds, reset the account parametersthreshold configurations, and delete the old set of account parameters.In some embodiments, mobile application 1212 may allow a transaction tobe initiated even if the account parameters have not been updated due tolack of network connectivity. The issuer/host system or paymentprocessing network acting on behalf of the issuer may make the decisionto approve or decline the transaction based on knowledge of the staleaccount parameters in combination with other issuer defined riskmetrics.

Mobile application 1212 may include a number of cloud-based paymentsdevice account parameters thresholds 1252 or risk limits that triggerthe update of the current set of account parameters. This may include anumber of transactions, a time to live, and/or cumulative transactionamount, etc. If the account parameters are valid for a number oftransactions in CBPP, then account parameter thresholds 1252 in mobileapplication 1212 can be configured with a lower threshold number oftransactions (e.g., one less than the number of transactions in CBPP) totrigger replenishment. If account parameters have an expiration time inCBPP, account parameter thresholds 1252 in mobile application 1212 canbe configured with a threshold amount of time sooner than the expirationtime to trigger replenishment. Where available from the contactlessreader, the transaction amount can be used by active account managementlogic 1236 to make a decision as to whether the account parametersshould be updated. Smaller transaction amounts would not necessarilyrequire an immediate update of the account parameters. This mechanism,however, may not be reliable in environments where mobile application1212 does not consistently receive the transaction amount from theaccess terminal. Where available, a cumulative transaction amount can beused as the trigger for account parameters update. This limit is basedon the sum of individual transaction amounts. This data may not benecessarily reliable from mobile application 1212 point of view unlessthe data gets synchronized with the issuer/host system to ensure that agiven transaction has been approved. A domestic versus internationalrisk setting can also be used to trigger updates for internationaltransactions more often in case they are considered more risky.

Account Lifecycle Management

Mobile application 1212 may include lifecycle management logic 1234 toprovide a user-initiated delete option for the user to delete a card oraccount from mobile application 1212 via lifecycle management logic1234. Account lifecycle logic 1234 may delete account parameters storedin account parameters storage 1240 associated with that account, alongwith all other account configuration data or artifacts. Lifecyclemanagement logic 1234 may initiate the process of account deletion inCBPP by initiating a delete request to CBPP through MAP.

Lifecycle management logic 1234 may enable an issuer-initiated deletemechanism for an issuer to delete an account. The issuer/hos system maysend a delete request to CBPP, and in turn, CBPP may route the requestto mobile application 1212. Lifecycle management logic 1234 may deletelocally stored account parameters associated with the account, alongwith all other account configuration data or artifacts. Mobileapplication 1212 may send an acknowledgement to MAP indicating that thedeletion was completed. Mobile application 1212 may also display amessage to user informing that the account is deleted.

Lifecycle management logic 1234 may enable an issuer-initiated suspendmechanism for an issuer to suspend an account. The issuer/host systemcan send a suspend request to CBPP, and in turn, CBPP may route therequest to mobile application 1212. Lifecycle management logic 1234 maysuspend the card or account in mobile application 1212. In the suspendedstate, the account cannot be selectable in the mobile applicationsettings to make a payment. Lifecycle management logic 1234 may send anacknowledgement to MAP after suspending the account. Mobile application1212 may display a message to user informing that the account issuspended, and may also inform the consumer to contact the issuing bank.

Lifecycle management logic 1234 may enable an issuer-initiated resumemechanism for an issuer to resume an account when it has been suspendedin mobile application 1212. The issuer/host system may send a resumerequest to CBPP, and in turn, CBPP may route the request to mobileapplication 1212. Lifecycle management logic 1234 may resume the card oraccount in mobile application 1212. After resuming, the card or accountmay be selectable in the mobile application settings for payment. Mobileapplication 1212 may send an acknowledgement to MAP after resuming theaccount, and display a message to user informing that the account hasbeen resumed.

Post Payment Interactions

Post payment interactions or processing can help issuers mitigate therisk of account parameters being compromised and hence can help limitthe exposure of the account parameters stored on portable communicationdevice 1201. Information contained in a transaction verification log maybe used to provide a reference point for CBPP to assist in assurancethat account parameter replenishment requests are originating from theexpected portable communication device. Mobile application 1212 mayinclude post payment logic 1238 to extract information from transactionverification log 1254 in order to construct account parameterreplenishment requests.

Furthermore, the issuer/host system working in conjunction with CBPP mayhave the option of initiating a request, through MAP, for transactionverification log data captured and stored by mobile application 1212 toverify transactions. Mobile application 1212 may respond, through MAP,to the request with the requested transaction verification log data.This data can then be verified by the issuer/host system in order toconfirm if a particular transaction had originated from the queriedportable communication device. Examples of the data elements that may beincluded in the transaction verification log may include, for eachtransaction, transaction time (e.g., contactless interaction time,transaction amount, and unpredictable number received from the accessdevice during the transaction) as well as account parameters informationsuch as the key index associated with the LUK that was used to conductthe transactions. For payment transaction verification, mobileapplication 1212 may receive and process request from MAP fortransaction verification log data captured and stored by mobileapplication 1212. Mobile application 1212 may respond to the MAP requestwith the requested transaction verification log data. Mobile application1212 may use the current account parameter's LUK or equivalent in thedynamic data portion of the account parameters to sign the requestedtransaction verification log data.

Transaction Verification Log

Mobile application 1212 can maintain transaction verification log 1254to log all contactless interactions (e.g., NFC) where payment accountparameters where shared with an access device, irrespective if thetransaction was accepted or declined, or irrespective of whether mobileapplication 1212 has visibility to the outcome of the transaction (e.g.,accepted or declined). Mobile application 1212 may store the transactionverification log data for the current and the previous set of accountparameters per payment account. In some embodiments, the transactionverification log data for old set of account parameters can be deletedonce mobile application 1212 receives a new set of account parameters.Transaction verification log 1254 may or may not be accessible orvisible to the user.

XII. Exemplary Computer System

The various entities or components described herein with reference toFIG. 1 may be associated with or operate one or more computerapparatuses to facilitate the functions described herein. Any of theentities or components in FIG. 1, including any server or database, mayuse any suitable number of subsystems to facilitate the functions.

Examples of such subsystems or components are shown in FIG. 16. Thesubsystems shown in FIG. 16 are interconnected via a system bus 1602.Additional subsystems such as a printer 1604, keyboard 1606, fixed disk1608 (or other memory comprising computer readable media), monitor 1610,which is coupled to display adapter 1612, and others are shown.Peripherals and input/output (I/O) devices, which couple to I/Ocontroller 1614 (which can be a processor or other suitable controller),can be connected to the computer system by any number of means known inthe art, such as serial port 1616. For example, serial port 1616 orexternal interface 1618 can be used to connect the computer apparatus toa wide area network such as the Internet, a mouse input device, or ascanner. The interconnection via system bus allows the central processor1620 to communicate with each subsystem and to control the execution ofinstructions from system memory 1622 or the fixed disk 1608, as well asthe exchange of information between subsystems. The system memory 1622and/or the fixed disk 1608 may embody a computer readable medium.

Embodiments of the invention are not limited to the above-describedembodiments. For example, although separate functional blocks are shownfor an issuer, payment processing network, and acquirer, some entitiesperform all of these functions and may be included in embodiments ofinvention.

Specific details regarding some of the above-described aspects areprovided above. The specific details of the specific aspects may becombined in any suitable manner without departing from the spirit andscope of embodiments of the invention. For example, back end processing,data analysis, data collection, and other transactions may all becombined in some embodiments of the invention. However, otherembodiments of the invention may be directed to specific embodimentsrelating to each individual aspect, or specific combinations of theseindividual aspects.

It should be understood that the present invention as described abovecan be implemented in the form of control logic using computer software(stored in a tangible physical medium) in a modular or integratedmanner. Based on the disclosure and teachings provided herein, a personof ordinary skill in the art will know and appreciate other ways and/ormethods to implement the present invention using hardware and acombination of hardware and software.

Any of the software components or functions described in thisapplication, may be implemented as software code to be executed by aprocessor using any suitable computer language such as, for example,Java, C++ or Perl using, for example, conventional or object-orientedtechniques. The software code may be stored as a series of instructions,or commands on a computer readable medium, such as a random accessmemory (RAM), a read only memory (ROM), a magnetic medium such as ahard-drive or a floppy disk, or an optical medium such as a CD-ROM. Anysuch computer readable medium may reside on or within a singlecomputational apparatus, and may be present on or within differentcomputational apparatuses within a system or network.

The above description is illustrative and is not restrictive. Manyvariations of the invention will become apparent to those skilled in theart upon review of the disclosure. The scope of the invention should,therefore, be determined not with reference to the above description,but instead should be determined with reference to the pending claimsalong with their full scope or equivalents.

One or more features from any embodiment may be combined with one ormore features of any other embodiment without departing from the scopeof the invention.

A recitation of “a”, “an” or “the” is intended to mean “one or more”unless specifically indicated to the contrary.

All patents, patent applications, publications, and descriptionsmentioned above are herein incorporated by reference in their entiretyfor all purposes. None is admitted to be prior art.

What is claimed is:
 1. A method for enhancing security of acommunication device when conducting a transaction using thecommunication device, the method comprising: encrypting, by a computer,account information with a first encryption key to generate a secondencryption key; encrypting key index information using the secondencryption key to generate a limited-use key (LUK), wherein the keyindex information includes a key index having information pertaining togeneration of the LUK; and providing the LUK and the key index to thecommunication device to facilitate generation of a transactioncryptogram for the transaction conducted using the communication device,wherein the transaction is authorized based on the transactioncryptogram generated from the LUK.
 2. The method of claim 1, wherein thekey index information includes a counter value indicating a number oftimes that the LUK has been renewed in a predetermined time period. 3.The method of claim 1, wherein the key index information includes timeinformation indicating when the LUK is generated.
 4. The method of claim1, wherein the LUK is associated with a set of one or more limited-usethresholds to limit the number of transactions that can be conductedusing the LUK.
 5. The method of claim 1, wherein the account informationincludes a token that is a substitute for an account identifier.
 6. Themethod of claim 1, wherein the first encryption key is a masterderivation key associated with an issuer of an account associated withthe account information.
 7. The method of claim 6, wherein the secondencryption key is a unique derivation key for the account.
 8. The methodof claim 1, wherein encrypting the account information with the firstencryption key to generate the second encryption key includes:encrypting the account information using the first encryption key togenerate a first portion of the second encryption key; inverting theaccount information; and encrypting the inverted account informationusing the first encryption key to generate a second portion of thesecond encryption key.
 9. The method of claim 1, wherein encrypting thekey index information using the second encryption key to generate theLUK includes: padding the key index with a first value to generate afirst padded key index information; encrypting the first padded keyindex information to generate a first portion of the LUK; padding thekey index with a second value to generate a second padded key indexinformation; and encrypting the second padded key index information togenerate a second portion of the LUK.
 10. The method of claim 1, whereinthe transaction cryptogram is generated by: enciphering transactioninformation using a first portion of the LUK; deciphering the encipheredtransaction information using a second portion of the LUK; andre-enciphering the deciphered transaction information using the firstportion of the LUK.
 11. The method of claim 1, wherein the transactioncryptogram is generated by: encrypting a predetermined numeric stringusing the LUK; and decimalizing the encrypted predetermined numericstring.
 12. The method of claim 11, wherein decimalizing the encryptedpredetermined numeric string includes: extracting numeric digits fromthe encrypted predetermined numeric string to form a first data block;extracting hexadecimal digits from the encrypted predetermined numericstring and converting each extracted hexadecimal digit into a numericdigit to form a second data block; and concatenating the first datablock and the second data block.
 13. A computer for enhancing securityof a communication device when conducting transactions using thecommunication device, the computer comprising: a processor; and a memorystoring computer-readable code, which when executed by the processor,causes the computer to perform operations including: encrypting accountinformation with a first encryption key to generate a second encryptionkey; encrypting key index information using the second encryption key togenerate a limited-use key (LUK), wherein the key index informationincludes a key index having information pertaining to generation of theLUK; and providing the LUK and the key index to the communication deviceto facilitate generation of a transaction cryptogram for the transactionconducted using the communication device, wherein the transaction isauthorized based on the transaction cryptogram generated from the LUK.14. The computer of claim 13, wherein the key index information includesa counter value indicating a number of times that the LUK has beenrenewed in a predetermined time period.
 15. The computer of claim 13,wherein the key index information includes time information indicatingwhen the LUK is generated.
 16. The computer of claim 13, wherein the LUKis associated with a set of one or more limited-use thresholds to limitthe number of transactions that can be conducted using the LUK.
 17. Thecomputer of claim 13, wherein the account information includes a tokenthat is a substitute for an account identifier.
 18. The computer ofclaim 13, wherein the first encryption key is a master derivation keyassociated with an issuer of an account associated with the accountinformation.
 19. The computer of claim 13, wherein the second encryptionkey is a unique derivation key for the account.
 20. The computer ofclaim 13, wherein encrypting the account information with the firstencryption key to generate the second encryption key includes:encrypting the account information using the first encryption key togenerate a first portion of the second encryption key; inverting theaccount information; and encrypting the inverted account informationusing the first encryption key to generate a second portion of thesecond encryption key.
 21. The computer of claim 13, wherein encryptingthe key index information using the second encryption key to generatethe LUK includes: padding the key index with a first value to generate afirst padded key index information; encrypting the first padded keyindex information to generate a first portion of the LUK; padding thekey index with a second value to generate a second padded key indexinformation; and encrypting the second padded key index information togenerate a second portion of the LUK.
 22. The computer of claim 13,wherein the transaction cryptogram is generated by: encipheringtransaction information using a first portion of the LUK; decipheringthe enciphered transaction information using a second portion of theLUK; and re-enciphering the deciphered transaction information using thefirst portion of the LUK.
 23. The computer of claim 13, wherein thetransaction cryptogram is generated by: encrypting a predeterminednumeric string using the LUK; and decimalizing the encryptedpredetermined numeric string.
 24. The computer of claim 23, whereindecimalizing the encrypted predetermined numeric string includes:extracting numeric digits from the encrypted predetermined numericstring to form a first data block; extracting hexadecimal digits fromthe encrypted predetermined numeric string and converting each extractedhexadecimal digit into a numeric digit to form a second data block; andconcatenating the first data block and the second data block.